LinkedIn Automation Enhanced

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is broadly aligned with LinkedIn automation, but it can publish and engage publicly through a logged-in LinkedIn session, schedule future posts, and includes one hard-coded personal profile target.

Before installing, make sure you are comfortable with an agent acting through your LinkedIn session. Review every post, article, like, and comment before it goes live, avoid unbounded recurring schedules, remove or fix the hard-coded profile URL, and only configure optional webhooks you control.

Publisher note

Automate LinkedIn content creation, posting, engagement tracking, and audience growth. Enhanced with improved browser cleanup, error handling, and production-tested scripts.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could post, publish, like, or comment in the user's name, which may affect reputation, privacy, or platform standing.

Why it was flagged

The skill exposes workflows that can publish content and perform likes/comments on LinkedIn. These are public account mutations, and the provided artifacts do not define a required per-action user confirmation step before the final public action.

Skill content

# Post content ... {baseDir}/scripts/post.sh "Your post content here"
# Publish native article ... {baseDir}/scripts/article.sh ...
# Engage with feed (like/comment on relevant posts)
{baseDir}/scripts/engage.sh --limit 10

Recommendation

Require explicit user review and confirmation immediately before every post, article publication, like, or comment, and keep limits narrow.

What this means

Future LinkedIn posts may be made automatically on a recurring schedule, including after the user forgets the job exists.

Why it was flagged

The skill documents recurring scheduled posting through OpenClaw cron. This creates persistent automation that can post in the future without the user being present unless the schedule is carefully constrained.

Skill content

cron add --schedule "0 9 * * 1-5" --payload "Post my LinkedIn content: [content]"

Recommendation

Use one-time schedules where possible, set an end date, review installed cron jobs regularly, and require confirmation before scheduled posts are published.

What this means

Analytics results may not reflect the user's own LinkedIn activity, and the hard-coded profile indicates the script may not be fully generalized for other users.

Why it was flagged

The skill is presented as general LinkedIn automation for the installing user, but this analytics script navigates to a specific personal profile. That is a purpose mismatch and may produce misleading analytics or operate on unintended profile data.

Skill content

openclaw browser navigate --targetId "$LINKEDIN_TAB_LABEL" https://www.linkedin.com/in/renatomaluhy/recent-activity/all/

Recommendation

Replace hard-coded profile URLs with the current user's profile or a clearly configurable value before using analytics features.

What this means

Actions taken by the automation may appear as if the user performed them directly.

Why it was flagged

The skill intentionally relies on the user's authenticated LinkedIn browser session. This is expected for LinkedIn automation, but it means the skill acts with the user's account privileges.

Skill content

Requires browser access with LinkedIn logged in.

Recommendation

Use only with the intended LinkedIn account and browser profile, and log out or disable the skill when not needed.

What this means

If configured, status information about LinkedIn automation failures may be sent to an external Discord endpoint.

Why it was flagged

The analytics script can send alert messages to a Discord webhook if the environment variable is configured. This is optional and appears limited to alerts, but it is an external data flow not declared in registry environment metadata.

Skill content

DISCORD_WEBHOOK="${DISCORD_WEBHOOK:-}"
...
curl -s -X POST "$DISCORD_WEBHOOK" ... "LinkedIn Analytics Alert: $message"

Recommendation

Only configure a Discord webhook you control, and avoid including sensitive account or analytics details in alert messages.

What this means

The skill may fail or behave differently depending on undeclared local tools and optional configuration.

Why it was flagged

The script documents runtime requirements that are not reflected in the registry requirements section, which declares no required binaries or environment variables.

Skill content

# REQUIREMENTS:
#   - OpenClaw browser running (openclaw browser start)
#   - LinkedIn session active (logged in)
#   - jq installed for JSON processing
#   - Discord webhook configured (optional, for failure alerts)

Recommendation

Review the scripts before use and ensure required tools and optional environment variables are intentionally installed or configured.