Publora Linkedin
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: publora-linkedin Version: 2.0.1 The skill bundle provides standard documentation and code snippets for an AI agent to interact with the Publora API (api.publora.com) for LinkedIn management. It includes instructions for posting, scheduling, analytics, and engagement (reactions/comments) without any signs of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a valid key, the agent could post, schedule, comment, react, or remove engagement under the connected LinkedIn profile or organization.
The skill is explicitly for actions that can publish or modify LinkedIn-facing content and engagement through the Publora API. This is purpose-aligned, but high-impact enough to require user review of the exact content, target platform, and timing.
Use this skill when the user wants to publish or schedule LinkedIn posts, retrieve analytics ... manage reactions, post comments, or @mention people/organizations via Publora.
Require explicit user confirmation for each publishing, scheduling, comment, reaction, or deletion action, including the final text, post ID, platform ID, and scheduled time.
Anyone or any agent flow with access to the key may be able to perform allowed Publora actions for the connected LinkedIn account.
The skill requires a Publora API key to act on the user's connected account. This is expected for the integration, but the key represents delegated authority over Publora/LinkedIn actions.
**Header:** `x-publora-key: sk_YOUR_KEY`
Use a dedicated, revocable Publora key with the least necessary access, store it in a secret manager or approved configuration path, and avoid pasting real keys into ordinary chat messages.
Using the referenced core skill could introduce additional permissions, setup steps, or behavior not assessed here.
Part of the expected workflow depends on a separate core skill or documentation that was not included in the provided artifacts. This is not suspicious by itself, but it means this review does not cover that referenced component.
For auth, core scheduling, media upload, and workspace/webhook docs, see the `publora` core skill.
Review and install the referenced Publora core skill only from a trusted source, and check its credential handling and permissions separately.