ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Linkedin Thread Engagement

v1.0.0

Tracks your LinkedIn comments for author replies within 72h, flags high-value engagement windows, and drafts timely follow-ups to maximize thread momentum.

0· 67·0 current·0 all-time
bySergey Bulaev@sergebulaev

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sergebulaev/linkedin-thread-engagement.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Linkedin Thread Engagement" (sergebulaev/linkedin-thread-engagement) from ClawHub.
Skill page: https://clawhub.ai/sergebulaev/linkedin-thread-engagement
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install linkedin-thread-engagement

ClawHub CLI

Package manager switcher

npx clawhub@latest install linkedin-thread-engagement
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to monitor LinkedIn threads and post or route DMs, which legitimately requires API access or posting credentials. However the metadata declares no required environment variables, no credentials, and no install/dependencies. The SKILL.md also references HarvestAPI, Publora, and lib.active_backend(), which are external services/libraries not declared or bundled. That mismatch suggests missing or omitted requirements.
!
Instruction Scope
Runtime instructions tell the agent to fetch profile comments via HarvestAPI, fetch comment trees, classify stages, draft replies and route DMs, and call `linkedin-reply-handler`/`lib.active_backend()`. These steps imply network calls, authentication, and invoking other skills/libraries, but the doc gives no authentication flow or safe limits. The instructions are specific about data to collect (comment trees, reply URNs, timestamps) yet do not describe required permissions or endpoints, leaving the agent with open-ended authority to call unknown services.
Install Mechanism
There is no install spec and no code files — this minimizes on-disk risk. However being instruction-only increases reliance on external services and other skills; the absence of an install step is coherent with an instruction-only approach but does not compensate for missing declared credentials/dependencies.
!
Credentials
The behavior described (reading the user's LinkedIn comments, posting replies, sending DMs, calling HarvestAPI/Publora) normally requires LinkedIn/Harvest/API keys or OAuth tokens and probably API endpoints, yet requires.env is empty and no primary credential is declared. That is disproportionate: the skill requests actions that need sensitive credentials but doesn't declare them or explain how they'll be provided or stored.
Persistence & Privilege
always:false and no special install-time persistence or config modifications are requested. The skill can be invoked by the agent (normal), but it does not request elevated continuous presence or cross-skill configuration changes in the provided metadata.
What to consider before installing
This skill's instructions clearly expect API access and helper libraries (HarvestAPI, Publora, linkedin-reply-handler) but the package declares no credentials, endpoints, or dependencies — that's a red flag. Ask the publisher for: (1) the exact APIs/endpoints used and an explanation of HarvestAPI/Publora and how auth is performed (OAuth flow or API key), (2) a list of required environment variables or connectors (LinkedIn token, HarvestAPI key, posting credential) and how secrets are stored, (3) the source or homepage and provenance for referenced helper skills (linkedin-reply-handler), and (4) whether posting/DMing will be automatic or require manual approval. Until the author supplies that information, avoid granting this skill live LinkedIn credentials or enabling autonomous posting — if you test it, do so in a restricted/sandbox account and insist on explicit, minimal-scoped auth (OAuth with revocable tokens) and audit logging.

Like a lobster shell, security has layers — review code before you run it.

latestvk975nqj41m0h852pgz41n3m1r584vhg1linkedinvk975nqj41m0h852pgz41n3m1r584vhg1marketingvk975nqj41m0h852pgz41n3m1r584vhg1social-mediavk975nqj41m0h852pgz41n3m1r584vhg1
67downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Sergey Bulaev@sergebulaev
latestlinkedinmarketingsocial-media
Download

LinkedIn Thread Engagement

The engagement compounding layer. Tracks which of the user's comments earned author replies, drafts timely follow-ups, and flags the 6-24 hour window where thread momentum is highest.

When to use

  • Daily: "What threads need follow-up today?"
  • After posting a batch of comments: "Check back in 6 hours"
  • When an author replied personally (e.g., Kevin Payne → Serge): "Draft the response"

Input

  • User's LinkedIn profile URL (to pull their recent comments)
  • Optional: specific post URL to monitor

Output

Daily report

PostedAuthorPostCommentReply?StageAction
18h agoKevin PayneLawVu"moat moved to taste"✅ Kevin replied 14h agoWarm (6-24h window)Reply now
22h agoDharmesh ShahHubSpot"integration depth moat"NoColdSkip
3h agoFelix T.Rezolve"twin economies"NoWatchCheck in 3h

For each warm thread

  • Thread preview (last 3 turns)
  • Suggested response (drafted via linkedin-reply-handler)
  • Reaction target (the specific reply URN, not the post)
  • Priority (high / medium / low)

Weekly roll-up

  • Total comments posted
  • Author-reply rate (target: 15%+)
  • Conversion to DM (when thread closes warm)

Steps

  1. Fetch user's recent comments via HarvestAPI /linkedin/profile-comments.
  2. For each comment posted in last 72h: fetch the parent post's comment tree and look for:
    • Replies to the user's comment
    • Whether the author posted any of those replies
    • Timestamps (time since user's comment, time since latest reply)
  3. Classify stage:
    • Hot (<6h): author just replied — respond within 90 min for max thread momentum
    • Warm (6-24h): the Kevin Payne window — author replies most happen here
    • Cool (24-72h): still respondable but lower velocity
    • Dormant (>72h): don't reply in thread; consider DM
  4. Draft responses for warm threads using linkedin-reply-handler (which adapts to the active backend per lib.active_backend() — Publora auto-posts, manual mode returns copy-paste, DIY invokes custom poster).
  5. Flag suspicious patterns:
    • Author replied but also deleted someone else's comment (author is actively moderating, tread carefully)
    • Commenter is in thread self-promoting (your reply shouldn't engage them)
  6. DM routing: if thread is dormant but the author engaged meaningfully, draft a DM that references the thread specifically.

Kevin Payne window

Named after the real 2026-04 data point: Kevin Payne (LawVu CEO) replied to Serge's comment 22h after the original post. This is the sweet spot.

  • 0-6h: 70% of author replies happen here if they're going to happen
  • 6-24h: ~25% of author replies, but these are higher-quality (author took time to think)
  • >24h: thread rarely produces new author engagement

Follow-up timing:

  • If author replied in 0-6h window: respond within 90 minutes
  • If author replied in 6-24h window: respond within 2 hours (they're still checking)
  • If author replied >24h: respond within 4 hours before thread goes cold

Inbound-quality signals

High-quality commenter = worth the follow-up:

  • Founder/operator title in profile
  • Company in user's ICP
  • Active posting history (not just reactions)
  • Mutual 2nd-degree connections >10
  • Prior thoughtful comments on user's posts

Low-quality = skip:

  • Generic praise with no specifics
  • Template language ("I'd love to hop on a quick call")
  • Profile is sales/agency with no operator history
  • Same comment across many creators' posts

Hard rules

  • Never reply to a reply later than 72h after the thread's last turn. Switch to DM.
  • Never chain 3+ replies under one comment (thread spam).
  • If the author deleted their reply, do not reply — they reconsidered.
  • Don't DM a warm thread before first replying publicly (skips a step).

Example

Input: monitor sbulaev profile, last 24h

Output:

  • 1 warm thread: Kevin Payne replied 14h ago on LawVu post. Current stage: Warm (8-24h). Suggested response ready. Action: post within 2 hours.
  • 8 cold threads (no author engagement). Skip.
  • 3 watching threads (<6h old, author may still reply). Check again in 3-6h.

Files

  • SKILL.md — this file
  • references/thread-timing.md — the timing matrix with examples

Related skills

  • linkedin-reply-handler — drafts the actual follow-up message
  • linkedin-comment-drafter — drafts the initial comment that starts threads

Comments

Loading comments...