Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
LinkedIn Post
v1.0.1
Draft, prepare, and publish LinkedIn feed posts through OpenClaw browser automation. Use when a user wants to turn approved post copy into a real LinkedIn fe...
by Kanto (칸토) @yonghyeokrhee
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is clearly intended to drive the OpenClaw browser CLI to prepare/publish LinkedIn feed posts, which matches the included Python helper. However, the registry metadata claims no required env vars or binaries, while both the SKILL.md and the code require the 'openclaw' CLI and a gateway token (OPENCLAW_GATEWAY_TOKEN or an openclaw.json). That metadata omission is an inconsistency.
Instruction Scope
SKILL.md describes a narrow prepare-then-post flow and the python script implements only those steps (open/start/snapshot/fill/click via OpenClaw). The instructions do not request reading unrelated files or exfiltrating data to external endpoints beyond the OpenClaw gateway flow. They correctly warn to avoid publishing without explicit approval.
Install Mechanism
No install spec is present (instruction-only plus a helper script). Nothing is downloaded from external URLs and no archives are extracted. The highest-risk install pattern is not present.
Credentials
The script legitimately needs a gateway token and the openclaw CLI, and it reads ~/.openclaw/openclaw.json or a user-provided config. Those requirements are proportionate to the purpose, but the registry does not declare them. Additionally, reading the user's openclaw.json can expose any tokens contained therein — this is expected for the task but should be clearly declared in metadata so users can decide.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as a one-off helper invoked by the agent; autonomous invocation is allowed (platform default) but not combined with other high-risk indicators here.
What to consider before installing
This skill appears to implement exactly what it claims (automating OpenClaw to prepare/publish LinkedIn feed posts), but metadata omissions are concerning. Before installing:
1) Confirm the openclaw CLI is installed on the host and that you trust it.
2) Inspect your ~/.openclaw/openclaw.json (or the file you will pass with --config) to know what tokens the script will read, and consider exporting OPENCLAW_GATEWAY_TOKEN explicitly instead of leaving unexpected tokens in config files.
3) Note the SKILL.md references scripts/linkedin_post.py but the included file is linkedin_post.py — verify the script path before running.
4) Test the helper with prepare-only (no --publish) to validate behavior, and never run with --publish unless you explicitly approve the final text.
5) Ask the publisher/registry to correct the metadata (declare required binaries and OPENCLAW_GATEWAY_TOKEN) so the requirements are transparent.
If you cannot verify these points or do not trust the publisher, do not install or grant the skill access to your browser profile and gateway token.
Like a lobster shell, security has layers — review code before you run it.
