Publora Linkedin
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Publora/LinkedIn API instruction skill, but it can publish or change LinkedIn content if given a Publora API key, so users should approve those actions carefully.
Install only if you intend to let the agent help with LinkedIn publishing through Publora. Before any post, scheduled post, comment, reaction, or deletion, verify the exact content and account target. Keep the Publora API key secure and review the separate Publora core skill if you rely on it for authentication, media upload, or workspace features.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a valid key, the agent could post, schedule, comment, react, or remove engagement under the connected LinkedIn profile or organization.
The skill is explicitly for actions that can publish or modify LinkedIn-facing content and engagement through the Publora API. This is purpose-aligned, but high-impact enough to require user review of the exact content, target platform, and timing.
Use this skill when the user wants to publish or schedule LinkedIn posts, retrieve analytics ... manage reactions, post comments, or @mention people/organizations via Publora.
Require explicit user confirmation for each publishing, scheduling, comment, reaction, or deletion action, including the final text, post ID, platform ID, and scheduled time.
Anyone or any agent flow with access to the key may be able to perform allowed Publora actions for the connected LinkedIn account.
The skill requires a Publora API key to act on the user's connected account. This is expected for the integration, but the key represents delegated authority over Publora/LinkedIn actions.
**Header:** `x-publora-key: sk_YOUR_KEY`
Use a dedicated, revocable Publora key with the least necessary access, store it in a secret manager or approved configuration path, and avoid pasting real keys into ordinary chat messages.
Using the referenced core skill could introduce additional permissions, setup steps, or behavior not assessed here.
Part of the expected workflow depends on a separate core skill or documentation that was not included in the provided artifacts. This is not suspicious by itself, but it means this review does not cover that referenced component.
For auth, core scheduling, media upload, and workspace/webhook docs, see the `publora` core skill.
Review and install the referenced Publora core skill only from a trusted source, and check its credential handling and permissions separately.