Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Linkedin Reply Handler
v1.0.0
Drafts precise LinkedIn comment replies from a given comment URL, handling thread structure to post under the correct top-level comment URN.
by Sergey Bulaev (@sergebulaev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (draft and post LinkedIn replies) aligns with the instructions, but the SKILL.md expects external backends (Publora, HarvestAPI, and an optional custom poster) and environment flags (PUBLORA_API_KEY, LINKEDIN_SKILLS_CUSTOM_POSTER) that are not declared in the skill's metadata. That mismatch—required credentials/backends referenced but not listed—is unexpected and should be justified.
Instruction Scope
Instructions stay within the stated goal (parse comment URL, fetch thread context, draft reply, wait for approval, then react/post). They explicitly instruct fetching post/comment threads and the user's prior comment (necessary for context) and to call lib.* helpers (e.g., lib.active_backend(), lib.manual_mode_message). Those lib calls and external API interactions will cause network activity and cross-skill/backend invocation; this is expected for posting but the implementation details (which endpoints, what data is transmitted) are not specified.
Install Mechanism
This is instruction-only with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill package itself.
Credentials
The SKILL.md conditionally relies on credentials and backends (PUBLORA_API_KEY for Publora posting, LINKEDIN_SKILLS_CUSTOM_POSTER for a custom poster, and possibly HarvestAPI access) but the skill declares no required env vars. A posting backend key (PUBLORA_API_KEY) would grant write actions on behalf of the user and should be explicitly declared and scoped. The omission is an incoherence and a privilege/credential transparency problem.
Persistence & Privilege
The skill does not request persistent presence (always:false) and doesn't indicate it will modify other skills or system-wide config. It requires user approval before posting, per SKILL.md, which reduces risk of silent actions.
What to consider before installing
This skill looks like it will do what it says (draft and post LinkedIn replies), but there are important gaps you should resolve before installing:
1) Ask the publisher which environment variables/backends are required and why (e.g., PUBLORA_API_KEY, LINKEDIN_SKILLS_CUSTOM_POSTER, HarvestAPI). These were referenced in the instructions but not declared.
2) Confirm what 'Publora' endpoint is used, what scopes the API key needs, and whether posting occurs only after the agent shows an approval card (the SKILL.md says it does, but verify in practice).
3) If you can't verify the backend, prefer to run the skill in manual mode (no posting credentials configured) so it outputs the reply for you to paste, and test with non-sensitive accounts.
4) Request explicit documentation of the lib.* helpers the skill calls (lib.active_backend(), lib.manual_mode_message) — ensure they are provided by the platform and not calling arbitrary external code.
5) If you must provide an API key for automated posting, restrict its scope and rotate/delete it after testing.
If the publisher cannot supply clarifying metadata and declared env requirements, treat the skill as untrusted.
Tags: latest, linkedin, marketing, social-media
