LinkedIn Automation by Linked API
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill openly automates LinkedIn, but it can act through a third-party cloud browser to message, post, connect, react, and comment from a user's account without visible approval or scoping safeguards.
Install only if you trust Linked API and are comfortable delegating LinkedIn account actions to a cloud browser. Require explicit confirmation before any message, InMail, connection change, post, reaction, or comment, and avoid sharing sensitive tokens or content unless you understand the provider's data handling.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could send messages, manage connections, or publish/engage on LinkedIn in ways that affect reputation, privacy, or account standing.
The skill exposes tools that can mutate a LinkedIn account and create public or direct communications, while the visible artifact does not include approval or scoping safeguards for those actions.
Use it to fetch profiles, search people and companies, send messages, manage connections, create posts, react, comment, and more.
Only use this with explicit per-action user approval for messages, posts, comments, reactions, and connection changes; review all content and targets before execution.
Providing these tokens may allow Linked API and the CLI-driven agent to act through the user's LinkedIn account.
The skill requires delegated access to a user's LinkedIn account through provider tokens, but the provided metadata declares no primary credential and the visible instructions do not define token scope or lifetime.
Connect their LinkedIn account... Copy the Linked API Token and Identification Token... linkedin setup --linked-api-token=TOKEN --identification-token=TOKEN
Verify the provider and token permissions before use, avoid pasting long-lived secrets into chat if a safer credential flow exists, and revoke tokens when no longer needed.
Installing the CLI adds third-party code to the user's environment.
The skill tells the agent to install a global npm package if the CLI is missing. This is aligned with the skill's purpose, but it introduces unreviewed local executable code and is not pinned in an install spec.
npm install -g @linkedapi/linkedin-cli
Install from a trusted source, consider pinning a known version, and prefer an isolated environment for testing.
Information used in LinkedIn searches, messages, posts, or profile fetches may be processed by the external provider.
The artifact discloses an external provider/cloud-browser flow, meaning profile targets, message/post content, and action requests may be sent to Linked API.
Each command sends a request to Linked API, which runs a real cloud browser to perform the action on LinkedIn.
Do not send sensitive content through this skill unless the provider's privacy, retention, and access controls are acceptable.
