Skill v1.0.4

ClawScan security

Skill Linkedin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious, Apr 30, 2026, 8:28 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's functionality (generating LinkedIn outreach messages) matches its instructions, but metadata inconsistencies, an optional LinkedIn session token, and use of a third-party API raise privacy and credential concerns.
Guidance
This skill appears to do what it says, generate LinkedIn outreach, but double-check a few things before installing or supplying secrets:
- Clarify the metadata mismatch: the platform summary showed no required env vars, but the skill files request TRADEGPT_API_KEY (required) and LINKEDIN_SESSION_TOKEN (optional). Confirm with the publisher which credentials are actually needed.
- Treat TRADEGPT_API_KEY as a third-party API credential: using the skill will send prospect/target data to https://api.yunlvai.com for message generation. If your data is sensitive (private contact info, proprietary notes), review Yunlvai's privacy policy and data handling practices first.
- Be cautious about providing LINKEDIN_SESSION_TOKEN (a cookie/session token). If requested, prefer not to share actual account session tokens. If the skill truly needs authenticated LinkedIn access, ask for support for official OAuth flows or a least-privilege option (e.g., upload public profile content manually) instead of sharing session cookies.
- If you want to test safely, try the skill with non-sensitive mock data first and confirm which env vars are actually required. Ask the publisher to document exactly when and why each credential is used.
- Ensure use of the skill complies with LinkedIn's terms (avoid automated sending using account credentials) and with your organization's privacy rules.
If the publisher cannot explain the env var discrepancy or justify the optional session token, treat the package with caution or avoid provisioning real account credentials.
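The first and third points above (declared credentials versus the registry listing, and session-style tokens) and the Credentials dimension below can be checked mechanically before installing. The following is an added example, not ClawHub's scanner and not part of the skill: it treats the skill files as plain text rather than assuming a clawhub.yaml schema, collects env-var-like credential names and outbound hostnames, compares the credentials against what the registry listing declared, and flags session/cookie-style names. The file contents and the empty registry declaration are constructed to mirror the mismatch this page describes.

```python
"""Pre-install credential and endpoint check for a skill bundle.

Added example for this review page; it is not ClawHub's scanner. It makes no
assumption about the clawhub.yaml schema: every file is scanned as text.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample files (not the real skill's contents) that reproduce the
# situation on this page: two credentials requested, one of them a session token.
SKILL_FILES = {
    "SKILL.md": (
        "# LinkedIn outreach\n"
        "Set TRADEGPT_API_KEY (required) to call https://api.yunlvai.com/v1/generate.\n"
        "Optionally set LINKEDIN_SESSION_TOKEN to read authenticated profiles.\n"
    ),
    "clawhub.yaml": (
        "name: linkedin\n"
        "env:\n"
        "  - TRADEGPT_API_KEY\n"
        "  - LINKEDIN_SESSION_TOKEN\n"
    ),
}

# What the registry listing claimed; this page reports it listed no required env vars.
REGISTRY_DECLARED_ENV: set[str] = set()

# SCREAMING_SNAKE_CASE identifiers with at least one underscore, e.g. FOO_API_KEY.
ENV_RE = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b")
URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+")
CRED_SUFFIXES = ("_KEY", "_TOKEN", "_SECRET", "_PASSWORD", "_COOKIE")
# Substrings that mark an account-level credential rather than a scoped API key.
SESSION_MARKERS = ("SESSION", "COOKIE", "PASSWORD")


@dataclass
class Finding:
    credentials: set[str] = field(default_factory=set)   # every credential-like env var seen
    undeclared: set[str] = field(default_factory=set)    # seen in files but not in the registry listing
    session_like: set[str] = field(default_factory=set)  # account/session credentials
    endpoints: set[str] = field(default_factory=set)     # hostnames the skill says it contacts

    def verdict(self) -> str:
        """Mirror the page's dimension labels: concern > note > ok."""
        if self.session_like:
            return "concern"
        if self.undeclared:
            return "note"
        return "ok"


def looks_like_credential(name: str) -> bool:
    return name.endswith(CRED_SUFFIXES)


def scan_skill(files: dict[str, str], registry_declared: set[str]) -> Finding:
    """Scan every file as text and compare what it asks for against the registry."""
    f = Finding()
    for text in files.values():
        for name in ENV_RE.findall(text):
            if looks_like_credential(name):
                f.credentials.add(name)
        for url in URL_RE.findall(text):
            host = urlparse(url.rstrip(".,;")).netloc  # drop trailing prose punctuation
            if host:
                f.endpoints.add(host)
    f.undeclared = f.credentials - set(registry_declared)
    f.session_like = {n for n in f.credentials if any(m in n for m in SESSION_MARKERS)}
    return f


def report(f: Finding) -> list[str]:
    """Human-readable lines for a pre-install review."""
    lines = [f"verdict: {f.verdict()}"]
    lines += [f"credential requested: {n}" for n in sorted(f.credentials)]
    lines += [f"NOT in registry listing: {n}" for n in sorted(f.undeclared)]
    lines += [f"session/account credential, ask for OAuth or a scoped key: {n}"
              for n in sorted(f.session_like)]
    lines += [f"outbound endpoint, data leaves your environment: {h}" for h in sorted(f.endpoints)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(scan_skill(SKILL_FILES, REGISTRY_DECLARED_ENV))))
```

Run it against an unpacked skill directory by loading each file into the `SKILL_FILES` dict and pasting the env vars the registry page lists into `REGISTRY_DECLARED_ENV`; a non-empty `undeclared` set is exactly the discrepancy the scanner flagged, and any `session_like` entry is the point at which to ask the publisher for an OAuth or manual-upload alternative before provisioning anything real.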

Review Dimensions

Purpose & Capability
note: The skill's name, description, and SKILL.md all describe LinkedIn outreach generation and the included template libraries support that purpose; requesting an API key for yunlvai/MatchGPT (TRADEGPT_API_KEY) is coherent for server-side generation. However, there is an inconsistency between the registry summary (which lists no required env vars/credentials) and the skill files (SKILL.md and clawhub.yaml), which declare TRADEGPT_API_KEY as the primary credential and LINKEDIN_SESSION_TOKEN as an optional env var. That mismatch should be clarified before install.
Instruction Scope
ok: The runtime instructions are limited to accepting prospect info (manual, URL, or CSV), extracting profile cues, generating messages, and outputting templates. They do reference "reading LinkedIn public information" and optional profile parsing, but they do not instruct the agent to read unrelated local files or other system secrets.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code files to be downloaded or executed on disk, which minimizes install-time risk.
Credentials
concern: The skill declares TRADEGPT_API_KEY (needed to call https://api.yunlvai.com), which is reasonable for a cloud-based generation service. It also lists LINKEDIN_SESSION_TOKEN (optional). A LinkedIn session token (a cookie-like credential) is highly sensitive because it can grant account access and session-level actions; requiring or requesting it should be justified explicitly (e.g., for authenticated scraping) and clearly labeled. The earlier registry metadata claiming "no required env vars" contradicts these declarations, which is a red flag: users might be unaware they must provide a third-party API key or a session token.
Persistence & Privilege
ok: The skill does not request always: true, does not include install-time scripts or system config writes, and is user-invocable only. It does not demand persistent system privileges or modify other skills.