Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LinkedIn Skill

v1.0.0

LinkedIn automation skill — search people and companies, fetch profiles, send messages and InMails, manage connections, create posts, react, comment. Support...

by Vlad Prudnikov (@vprudnikoff) · duplicate of @vprudnikoff/linkedapi-linkedin
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The skill claims LinkedIn automation (search, fetch, message, post, etc.) which plausibly requires a CLI or API tokens, but the registry metadata lists no required binaries, no primary credential, and no install instructions. SKILL.md explicitly requires a `linkedin` CLI (npm package @linkedapi/linkedin-cli) and tokens from app.linkedapi.io; that mismatch is inconsistent and unexplained.
Instruction Scope
The runtime instructions are narrowly scoped to LinkedIn actions and include explicit CLI commands and flags. They do not instruct reading arbitrary system files. However, they require the user/agent to capture and provide two tokens (Linked API Token and Identification Token) from a third-party dashboard — these are sensitive, and the instructions do not describe token scopes or how tokens are stored/used beyond running `linkedin setup`.
Install Mechanism (flagged)
There is no install spec in the registry, but SKILL.md tells users to run `npm install -g @linkedapi/linkedin-cli`. Installing a global npm package from an unknown publisher (no homepage/source provided in the registry) can execute arbitrary code on the host. The skill also describes a third-party cloud browser performing actions, which increases the trust surface because external infrastructure will act on your account.
Credentials (flagged)
The skill metadata lists no required environment variables or credentials, yet the instructions require the user to obtain and provide two tokens from app.linkedapi.io (Linked API Token and Identification Token). Those tokens could grant broad access to the user's LinkedIn account via the third party; their absence from declared requirements is a red flag. The skill also performs sensitive operations (sending messages, managing connections) which justify needing tokens, but the lack of transparency about token scope and storage is problematic.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration changes in the registry. It does instruct running `linkedin setup`, which will persist tokens locally for the CLI — normal for this type of tool. Autonomous model invocation is allowed by default (disable-model-invocation=false); combined with sensitive tokens this increases blast radius, but that is platform default and not by itself proof of malice.
What to consider before installing
This skill's instructions are plausible for a LinkedIn automation tool, but the package/source is not declared in the registry and the metadata doesn't match the SKILL.md. Before installing or providing any tokens:

1) Verify the npm package and its publisher (inspect the package page and GitHub repo, read code and recent commits).
2) Confirm what the 'Linked API Token' and 'Identification Token' actually are, what scopes they grant, and that they are revocable.
3) Prefer using a throwaway/test LinkedIn account when trying it first.
4) Avoid pasting your LinkedIn password — only provide tokens from the provider's dashboard if you trust them.
5) If you don't want a third party to act on your account, do not install/use this tool.

If you need help checking the npm package or finding the provider's privacy/security docs, ask and include the package URL or publisher info.
