LinkedIn Inbox Manager — Smart LinkedIn Inbox from Linxa

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for LinkedIn inbox management, but it can access message data and make persistent inbox or lead-record changes with overly broad activation and limited confirmation guidance.

Install only if you trust Linxa with your LinkedIn inbox and lead data. Configure your agent to ask before adding comments or marking conversations as read, and require it to show the exact lead, conversation, and text or state change before taking action.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Vague Triggers

Medium, 94% confidence

Finding: The manifest explicitly says to trigger the skill whenever the user mentions "Linxa," which is unrelated to the actual permission boundary of LinkedIn inbox management. This can cause over-activation and unnecessary access to LinkedIn messaging data in contexts where the user did not intend inbox operations, increasing the risk of inappropriate data exposure or action-taking.

Vague Triggers

Medium, 92% confidence

Finding: The description uses absolute language like "Always use this skill for any LinkedIn messaging or LinkedIn lead management task," which discourages intent disambiguation and can force the skill into situations where a narrower or safer capability would be more appropriate. In a skill that can read message threads and modify conversation state, overly broad routing increases the chance of unnecessary data access and unintended actions.

Vague Triggers

Medium, 84% confidence

Finding: The add-comment capability is a persistent write action, and the description encourages invocation from natural-language phrases like "add a note" or "remember that [person] mentioned X." In an agent setting, broad trigger language can cause the skill to be selected during ordinary conversation and lead to unintended storage of user-provided text on a lead profile.

Missing User Warnings

Medium, 90% confidence

Finding: This endpoint writes durable CRM-style comments that influence future recommendations, but the spec does not prominently warn that the action modifies stored lead data. Without explicit user acknowledgment, an agent may convert casual conversation into persistent records, creating privacy, integrity, and workflow risks.

Missing User Warnings

Medium, 88% confidence

Finding: Marking a conversation as read changes LinkedIn inbox state, but the spec frames it as a convenience action without an explicit modification warning. In an autonomous or semi-autonomous agent workflow, that can cause silent state changes that hide unread items, affect triage, or alter business follow-up behavior.

VirusTotal

66/66 vendors flagged this skill as clean.