Skill v1.0.3

ClawScan security

Skill Linkedin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 7:58 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions mainly match a LinkedIn outreach generator, but metadata and requirements are inconsistent and it asks for sensitive credentials (a LinkedIn session token) that are not clearly justified. Proceed with caution.
Guidance
Summary of issues and recommended checks before installing:
- Metadata mismatch: SKILL.md and clawhub.yaml require TRADEGPT_API_KEY and optionally LINKEDIN_SESSION_TOKEN and list python3, but the registry header reported no required envs. Ask the publisher to clarify the true requirements.
- Credentials: TRADEGPT_API_KEY is reasonable for an external generation API. Do NOT provide a LinkedIn session cookie. Clarify whether LINKEDIN_SESSION_TOKEN means a standard OAuth access token with explicitly listed scopes, or a raw session cookie. Prefer OAuth tokens with the minimal scope for sending messages and revocability.
- Automatic sending: The skill indicates an option to 'automatically send' messages via yunlvai.com. Confirm what data is sent to the external API (full profile text, contact lists, message content), how long it is retained, and whether yunlvai stores or sends messages on your behalf. Review the vendor's privacy policy and data retention practices at https://yunlvai.com.
- Least privilege: If you must try the skill, use it first in manual-send mode (copy/paste messages) or with a limited test account. Avoid uploading large customer lists or real production tokens until you trust the service.
- Compliance & Terms: Automated outreach may violate LinkedIn's terms of service. Verify you are comfortable with any policy risk and LinkedIn rate limits. Enable throttling and limits if using automatic sending.
- Practical checks: Ask the publisher to (1) reconcile the registry metadata, (2) document exact token types and storage policies, (3) provide an option that works without giving a session cookie (e.g., redirect OAuth), and (4) confirm no code is executed locally despite the 'python3' bin mention.
Given these inconsistencies and the potential for sensitive credential exposure, treat this skill as suspicious until the above clarifications are provided and you can test it in a limited, reversible way.

Review Dimensions

Purpose & Capability
note: The skill's name, description and SKILL.md consistently describe LinkedIn message generation and optional automated sending via an external MatchGPT API and LinkedIn API. Requesting an API key for a generation service (TRADEGPT_API_KEY) and LinkedIn authorization is plausible for this purpose. However, the registry summary at the top of the package lists no required env vars while SKILL.md and clawhub.yaml declare required env vars (TRADEGPT_API_KEY and LINKEDIN_SESSION_TOKEN) and a required binary (python3). That metadata mismatch is an incoherence that should be clarified.
Instruction Scope
concern: SKILL.md instructs the agent to parse LinkedIn public profiles, accept CSV uploads, generate personalized messages, and optionally perform automated sending through an external service. Those steps align with the described purpose. However, the skill also references a LINKEDIN_SESSION_TOKEN (commented as optional) and 'automatic sending' via a third-party API; this implies the skill may ask for live session credentials or send messages on the user's behalf. The instructions do not clearly state whether tokens are OAuth tokens with limited scopes or session cookies, how tokens are stored, or what is transmitted to yunlvai.com. That lack of constraint and trust boundaries is a scope concern.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by the skill package itself, which is low risk. Notably, SKILL.md lists python3 in metadata but no local code uses it; this is an inconsistency but not an install risk.
Credentials
concern: The skill declares TRADEGPT_API_KEY (primary), which is proportional to using an external text-generation API. It also lists LINKEDIN_SESSION_TOKEN (optional). A 'session token' can be highly sensitive (a full account cookie or token) and is not clearly justified versus standard OAuth flows; the clawhub.yaml also references a LinkedIn API that is 'user self-configured'. The package requests potentially sensitive credentials without explaining required scopes, storage, or retention; this is disproportionate unless the author clarifies they accept only proper OAuth tokens with limited scopes and no long-term storage.
Persistence & Privilege
ok: The skill does not request 'always: true' and is user-invocable. There are no install-time actions or claims to modify other skills or global agent settings. Autonomous invocation is enabled by default but is not combined with other high-risk privileges here.