LinkedIn Inbox Manager — Smart LinkedIn Inbox from Linxa
PassAudited by ClawScan on May 10, 2026.
Overview
The visible artifacts are a coherent Linxa LinkedIn inbox integration, but it requires a Linxa token/Chrome extension and can read messages, store notes, and mark conversations read.
Before installing, verify you trust Linxa and its Chrome extension, protect the LINXA_TOKEN like a password, and explicitly approve any action that adds lead comments or marks conversations as read. The visible artifacts are purpose-aligned, but LinkedIn messages and CRM notes are sensitive data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the token could potentially access the user's Linxa-backed LinkedIn inbox capabilities until the token is revoked or expires.
The skill requires a bearer token that grants access to the user's Linxa/LinkedIn inbox data. This is expected for the integration, but it is sensitive account authority and is not reflected in the registry credential/env-var metadata.
All requests require the `LINXA_TOKEN` environment variable... Authorization: Bearer $LINXA_TOKEN
Set LINXA_TOKEN only in a trusted environment, avoid sharing it in chat or logs, and revoke/regenerate it from Linxa if it may have been exposed.
The agent could add notes to leads or mark LinkedIn conversations as read if instructed, changing the state of the user's inbox or Linxa CRM context.
The API includes endpoints that mutate inbox/CRM state. The descriptions frame them as user-requested actions, so this is purpose-aligned but should be handled with confirmation.
POST /api/mcp/comments ... Attach a note or comment ... POST /api/mcp/conversations/{chatId}/read ... Marks the specified conversation as readConfirm the target person/conversation and exact note text before allowing write actions, especially when multiple similar contacts or threads exist.
Stored notes may shape future LinkedIn follow-up recommendations, so mistaken or maliciously suggested notes could cause poor outreach decisions later.
User-added comments are persistent context that later affects Linxa's generated recommendations. This is an intended CRM feature, but incorrect or untrusted notes could bias future actions.
Comments influence future next-action recommendations and help track context about each lead.
Only save notes the user explicitly wants retained, and periodically review or remove stale or incorrect CRM comments in Linxa.
Using the skill requires trusting Linxa's extension and service with LinkedIn inbox-related access and synchronization.
The skill depends on an external Chrome extension and Linxa web service that are not included in the artifact set. This is disclosed and consistent with the product, but it adds a trust dependency outside the reviewed files.
Install the [Linxa Chrome Extension]... Sign in at [app.uselinxa.com] with LinkedIn
Install the extension only from the official Chrome Web Store listing, review its browser permissions, and use Linxa's revoke controls if you stop using the skill.