Linkedin Content Machine

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a content-generation package with documentation and samples, not code that accesses accounts or sensitive data.

Safe to treat as prompts, marketing copy, and sample LinkedIn content. Before relying on the advertised linkedin-* commands, verify the package actually includes those executables and inspect them, because they are referenced in metadata but absent from this reviewed artifact. Users sharing video links should also be aware the README does not state how submitted links or derived content would be retained or reused.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The README explicitly asks users to share a YouTube video link but provides no notice about how submitted links, associated channel data, or any derived content will be handled, stored, or reused. In a lead-generation and content-repurposing skill, this omission can mislead users about privacy expectations and create risk of unintended collection or secondary use of creator data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal