ClawHub

storyagent_linkedin

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed LinkedIn automation skill that uses Unipile credentials to read and act on a connected LinkedIn account, with no evidence of hidden or unrelated behavior.

Install only if you want an agent to operate a Unipile-connected LinkedIn account. Protect the Unipile token, avoid exposing it in prompts or logs, and require explicit human review before sending messages, invitations, posts, comments, reactions, or profile views that notify others.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README documents high-impact LinkedIn actions such as sending messages, invitations, posts, comments, and reactions without any warning that these operations affect a real external account and may be difficult or impossible to undo. In an agent-skill context, this increases the risk of unintended social actions, spammy behavior, reputational harm, or policy-violating activity if an agent invokes commands without clear user confirmation boundaries.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is broad enough to auto-match many ordinary LinkedIn-related requests, including actions with real external side effects such as messaging, invitations, reactions, and posting. In an agent environment, overly broad routing increases the chance the skill is invoked without sufficient user confirmation or action scoping, leading to unintended account actions or privacy exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation exposes capabilities that affect a user's LinkedIn account and third parties—sending messages, connection requests, comments, reactions, and posts—without warning about privacy, reputation, or irreversible account-impacting consequences. This omission makes accidental misuse more likely, especially when an agent may act on ambiguous prompts or process sensitive profile and message data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This CLI exposes multiple side-effecting LinkedIn operations such as sending messages, starting chats, sending invitations, creating posts, commenting, and reacting, and executes them immediately based only on command-line arguments. In an agent setting, that increases the risk of unintended external actions, spam, reputational harm, or misuse if a prompt, tool invocation, or parameter is wrong, because there is no confirmation gate, dry-run mode, or explicit user-consent check before acting on a real LinkedIn account.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: unipile-linkedin
description: Interact with LinkedIn via Unipile API - send messages, view profiles, manage connections, create posts, react to content. Use when the user asks to message someone on LinkedIn, check LinkedIn messages, view LinkedIn profiles, send connection requests, create LinkedIn posts, or interact with LinkedIn content.
---

# Unipile LinkedIn
Confidence
84% confidence
Finding
create posts, react to content. Use when the user asks to message someone on LinkedIn, check LinkedIn messages, view LinkedIn profiles, send connection requests, create LinkedIn posts, or interact wit

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal