Skill v1.0.0
ClawScan security
LinkedIn Post Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review, Apr 14, 2026, 9:40 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions mostly match a LinkedIn drafting/scheduling tool, but the runtime doc references external backends and environment variables (Publora API key, custom poster) and a private upstream path without declaring them — an incoherence you should resolve before trusting it.
- Guidance: This skill appears to do what it claims (draft and optionally schedule LinkedIn posts), but there are two practical red flags to resolve before installing: (1) SKILL.md expects external backends and environment variables (PUBLORA_API_KEY, LINKEDIN_SKILLS_CUSTOM_POSTER), but the manifest lists no required env vars — ask the publisher to declare any credentials, explain precisely when the skill will call external APIs, and provide the vendor/domain for any scheduler (Publora). (2) SKILL.md references an upstream local path to private corporate knowledge — verify whether the skill will attempt to read any local files or private repos. Before enabling automatic scheduling, require explicit user confirmation in the UI and verify the third-party scheduler's privacy/security practices. If you cannot get clear answers about the undeclared env vars and the upstream path, treat the skill as untrusted and use manual mode only.
Review Dimensions
- Purpose & Capability (note): The name/description (draft LinkedIn posts, apply hook formulas, optionally schedule) aligns with the instructions: drafting, a humanizer pass, an approval card, and optional scheduling via a backend. However, the SKILL.md references concrete backends and variables (PUBLORA_API_KEY, LINKEDIN_SKILLS_CUSTOM_POSTER) and an upstream local path that are not declared in the skill metadata — this is inconsistent and should be justified or fixed.
- Instruction Scope (concern): Runtime instructions instruct the agent to: run a humanizer pass, optionally invoke other skills (linkedin-post-audit, linkedin-humanizer), call lib.active_backend(), and — if a Publora backend is active — call lib.PubloraClient.create_post. Those instructions may cause the agent to transmit drafted content (and potentially scheduling metadata) to external services. The SKILL.md also points to an absolute upstream path (../../corporate-knowledge/...) which implies reliance on local private files not declared or included. The instructions reference environment variables and backends that the skill manifest does not declare, giving the agent broad runtime choices without clear, declared permissions.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill package itself.
- Credentials (concern): The skill metadata declares no required environment variables, yet SKILL.md explicitly expects PUBLORA_API_KEY and LINKEDIN_SKILLS_CUSTOM_POSTER to enable scheduling/backends. That mismatch is problematic: if those variables are present in the environment, the skill will use them (possibly posting content); if not, it defaults to manual mode. The skill should declare any credentials it can use and explain what data it will send to third-party scheduling APIs. The upstream local path reference also suggests hidden dependencies on private data.
- Persistence & Privilege (ok): always:false and no install-time persistence are set — the skill does not request permanent inclusion or elevated agent privileges. The skill can be invoked autonomously (platform default), which is expected for a productivity skill; this is not in itself flagged, but it does increase the importance of resolving the environment/endpoint inconsistencies above.
