ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Linkedin Reply Handler

v1.0.0

Drafts precise LinkedIn comment replies from a given comment URL, handling thread structure to post under the correct top-level comment URN.

0· 72·0 current·0 all-time
bySergey Bulaev@sergebulaev

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sergebulaev/linkedin-reply-handler.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Linkedin Reply Handler" (sergebulaev/linkedin-reply-handler) from ClawHub.
Skill page: https://clawhub.ai/sergebulaev/linkedin-reply-handler
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install linkedin-reply-handler

ClawHub CLI

Package manager switcher

npx clawhub@latest install linkedin-reply-handler
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description (draft and post LinkedIn replies) aligns with the instructions, but the SKILL.md expects external backends (Publora, HarvestAPI, and an optional custom poster) and environment flags (PUBLORA_API_KEY, LINKEDIN_SKILLS_CUSTOM_POSTER) that are not declared in the skill's metadata. That mismatch—required credentials/backends referenced but not listed—is unexpected and should be justified.
Instruction Scope
Instructions stay within the stated goal (parse comment URL, fetch thread context, draft reply, wait for approval, then react/post). They explicitly instruct fetching post/comment threads and the user's prior comment (necessary for context) and to call lib.* helpers (e.g., lib.active_backend(), lib.manual_mode_message). Those lib calls and external API interactions will cause network activity and cross-skill/backend invocation; this is expected for posting but the implementation details (which endpoints, what data is transmitted) are not specified.
Install Mechanism
This is instruction-only with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill package itself.
!
Credentials
The SKILL.md conditionally relies on credentials and backends (PUBLORA_API_KEY for Publora posting, LINKEDIN_SKILLS_CUSTOM_POSTER for a custom poster, and possibly HarvestAPI access) but the skill declares no required env vars. A posting backend key (PUBLORA_API_KEY) would grant write actions on behalf of the user and should be explicitly declared and scoped. The omission is an incoherence and a privilege/credential transparency problem.
Persistence & Privilege
The skill does not request persistent presence (always:false) and doesn't indicate it will modify other skills or system-wide config. It requires user approval before posting, per SKILL.md, which reduces risk of silent actions.
What to consider before installing
This skill looks like it will do what it says (draft and post LinkedIn replies), but there are important gaps you should resolve before installing: 1) Ask the publisher which environment variables/backends are required and why (e.g., PUBLORA_API_KEY, LINKEDIN_SKILLS_CUSTOM_POSTER, HarvestAPI). These were referenced in the instructions but not declared. 2) Confirm what 'Publora' endpoint is used, what scopes the API key needs, and whether posting occurs only after the agent shows an approval card (the SKILL.md says it does, but verify in practice). 3) If you can't verify the backend, prefer to run the skill in manual mode (no posting credentials configured) so it outputs the reply for you to paste, and test with non-sensitive accounts. 4) Request explicit documentation of the lib.* helpers the skill calls (lib.active_backend(), lib.manual_mode_message) — ensure they are provided by the platform and not calling arbitrary external code. 5) If you must provide an API key for automated posting, restrict its scope and rotate/delete it after testing. If the publisher cannot supply clarifying metadata and declared env requirements, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk9758m530ww65bzmg8vc936k4d84t3qqlinkedinvk9758m530ww65bzmg8vc936k4d84t3qqmarketingvk9758m530ww65bzmg8vc936k4d84t3qqsocial-mediavk9758m530ww65bzmg8vc936k4d84t3qq
72downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Sergey Bulaev@sergebulaev
latestlinkedinmarketingsocial-media
Download

LinkedIn Reply Handler

Drafts a reply to a specific LinkedIn comment. Correctly handles LinkedIn's 2-level thread flattening: if you're replying to a reply, the Publora API needs the TOP-level comment URN as parentComment, not the reply's URN.

When to use

  • User pastes a LinkedIn comment URL (contains ?commentUrn=...) and says "reply to this"
  • An author (e.g., Kevin Payne, Felix Tseitlin) replied to the user's comment and the user wants to continue the thread
  • User wants to re-engage a conversation that's gone dormant

Input

A LinkedIn URL containing commentUrn=urn:li:comment:(activity:POST,COMMENT_ID) — either the direct comment permalink or a feed URL with the query fragment.

Output

  • 1-2 reply drafts, 150-300 chars each
  • Reaction suggestion for the comment being replied to (always react before replying)
  • Thread context summary (who said what, when)
  • Approval card → on user "post", fires reaction + reply via Publora

Steps

  1. Parse the URL. lib.url_parser.parse_linkedin_url returns post_urn, comment_id, comment_urn.
  2. Determine thread structure. Fetch the post's comment thread (HarvestAPI if available) and locate the comment. Figure out whether it's:
    • a top-level comment (parentComment = this comment's URN when replying)
    • a reply to a top-level comment (parentComment = the TOP comment's URN, not this reply's URN — LinkedIn flattens)
  3. Read the full context. Author post text, top-level comment text, any intermediate replies. Include the user's own prior comment if they're in the thread.
  4. Draft the reply. Follow the engagement templates in references/reply-templates.md. If the counterpart asked a question, answer it directly. If they pushed back, concede then sharpen.
  5. Humanizer pass. Strip em dashes, AI vocab, enforce varied sentence length.
  6. Approval card. Include thread preview (who said what in last 3 turns), the draft, reaction suggestion, and the parentComment URN we'll send.
  7. On approval — adapt to the active backend. Call lib.active_backend():
    • publora (PUBLORA_API_KEY set) → react on the specific comment being replied to, pause 8-15s, then post reply with the correct top-level parentComment URN.
    • manual (no backend configured — the default) → output the approved reply via lib.manual_mode_message(draft_text, target_url, kind="reply"). Include the parent comment URL so the user knows exactly where to paste. Do NOT attempt to post.
    • diy (LINKEDIN_SKILLS_CUSTOM_POSTER set) → invoke the custom poster with draft, target URL, and parent-comment URN.

The flattening gotcha

LinkedIn only nests replies two levels deep. Visually the thread looks like:

Top comment by Alice (id: 111)
└─ Reply by Bob (id: 222)          ← parentComment: urn:li:comment:(activity:POST, 111)
   └─ Reply by Carol (id: 333)     ← parentComment: STILL urn:li:comment:(activity:POST, 111)

Carol's reply doesn't nest under Bob's — it's pinned at level 2 to the same top comment. If you pass urn:li:comment:(activity:POST, 222) as parentComment, the API returns 400 on some paths or silently misplaces the reply.

Rule in this skill: always use the TOP-level comment's URN as parentComment. If you're replying to a 2nd-level reply, we walk up the tree to find the top comment.

Templates (references/reply-templates.md)

  • R1 Answer-Their-Question — they asked, you answer plainly + one real detail
  • R2 Concede-Then-Sharpen — "you're right on X, and the piece I'd push on is Y"
  • R3 Extend-Their-Thesis — take their point one layer deeper with a new framing
  • R4 Share-Lived-Experience — "we hit this last quarter — here's what broke"
  • R5 Ask-Back — redirect with a sharper question when their position needs more context

Hard rules

  • 150-300 chars. Replies are tighter than top-level comments.
  • React to the comment you're replying to, not to the parent post.
  • Capitalize the counterpart's first name.
  • Never paste a canned "thanks!" — either respond with content or don't reply.
  • If the thread is older than 72 hours, consider a DM instead (use linkedin-thread-engagement).

Example

User: "Reply to this: https://www.linkedin.com/feed/update/urn:li:activity:7449018753880834048?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7449018753880834048%2C7449758545140453376%29"

Skill: parses → post 7449018753880834048, comment 7449758545140453376. Fetches thread. Sees: Kevin Payne's post → Serge's comment ("moat moved to taste") → Kevin's reply ("How are you building that conviction muscle with your team?"). Drafts R1 Answer-Their-Question variant. Shows approval card.

User: "post"

Skill: react APPRECIATION on Kevin's reply → pause 12s → post reply with parentComment set to Serge's original comment URN (the TOP level, not Kevin's reply).

Files

  • SKILL.md — this file
  • references/reply-templates.md — 5 reply templates with examples
  • references/threading-rules.md — LinkedIn's 2-level flattening explained with edge cases

Comments

Loading comments...