Back to skill

Security audit

Skill Linkedin

Security checks across malware telemetry and agentic risk

Overview

This LinkedIn outreach skill has a coherent purpose, but it needs Review because it combines sensitive LinkedIn credentials, automated outreach, and stored prospect data without enough scoping or retention safeguards.

Install only if you are comfortable giving this workflow LinkedIn account authority and storing outreach records locally. Prefer draft-only/manual sending, protect or avoid raw session tokens, review every message before sending, keep batches small, and confirm you can delete stored data and stop scheduled follow-ups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger set includes broad phrases like '社交获客' and 'B2B社交' that can activate the skill for generic sales or social-media requests outside the intended LinkedIn-specific scope. Over-broad routing can cause the agent to inappropriately load outreach automation behavior, increasing the chance of privacy overreach, spammy messaging guidance, or unintended access to LinkedIn-related resources and APIs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly stores imported profiles, generated messages, sent records, and logs, but does not state retention periods, deletion behavior, access controls, or user-facing notice/consent for local persistence. Because the data includes professional profile details and outreach history, silent storage can create privacy, compliance, and data-exposure risk if the host system is shared or compromised.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list contains broad terms such as 'LinkedIn', '领英', and general social-selling phrases that can cause the skill to activate in contexts broader than its stated purpose. In an outreach automation skill, over-triggering is risky because it may steer ordinary conversations into lead-generation or messaging workflows that involve sensitive data, unsolicited outreach, or automated actions.

Missing User Warnings

High
Confidence
96% confidence
Finding
The manifest requires a LinkedIn session token and advertises automatic message sending, but provides no warning, consent flow, or safeguards around account misuse, privacy, or platform-policy violations. Session tokens are highly sensitive credentials; if mishandled or used implicitly by the skill, they can enable unauthorized account actions, scraping, messaging, or exposure of private relationship data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.