Skill v1.0.0

ClawScan security

Linkedin Page Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 21, 2026, 6:10 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and SKILL.md expect LinkedIn credentials and a local OAuth helper, but the registry metadata incorrectly declares no required environment variables — a provenance/metadata mismatch that you should resolve before installing.
Guidance
This skill appears to implement a legitimate LinkedIn Page publisher, but the registry metadata omits the required environment variables — do not trust the registry entry alone. Before installing: (1) review and confirm you are comfortable providing LINKEDIN_ACCESS_TOKEN and LINKEDIN_ORG_ID (and LINKEDIN_CLIENT_ID/CLIENT_SECRET only for running the OAuth helper); these are necessary to post as a Company Page and are powerful (w_organization_social allows creating posts as the org). (2) Verify the source and provenance (who published this skill) or run the code locally in an isolated environment first. (3) Keep client secret and tokens out of shared logs; the helper prints tokens to stdout, so capture/store them securely (e.g., a secrets manager or a file with tight permissions). (4) If you want the agent to post autonomously, restrict or rotate tokens and consider scoping tokens to a test page or limited privileges. (5) Ask the publisher to correct the registry metadata to declare required env vars so automated tooling and reviewers know the true credential needs.

Review Dimensions

Purpose & Capability
concern
The code and documentation implement exactly what the name/description claim (posting to a LinkedIn Company Page, handling media uploads and OAuth). However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the SKILL.md and the scripts (which require LINKEDIN_ACCESS_TOKEN and LINKEDIN_ORG_ID and, for the OAuth helper, LINKEDIN_CLIENT_ID and LINKEDIN_CLIENT_SECRET). This metadata omission is suspicious because it hides the true credential requirements.
Instruction Scope
ok
The SKILL.md and included scripts limit themselves to posting to LinkedIn, doing local OAuth (runs a localhost callback server), uploading local media files, and printing tokens to stdout for the user to store. There are no instructions to read unrelated system files, exfiltrate data to unknown endpoints, or access other skills' configs.
Install Mechanism
ok
There is no network install step or archive download; the skill is distributed as source files and is instruction-only for installation. That lowers risk. The package includes a small Python CLI and library; no external install URLs or extract steps are present.
Credentials
concern
The runtime requires sensitive credentials: LINKEDIN_ACCESS_TOKEN and LINKEDIN_ORG_ID (and, when running the helper, LINKEDIN_CLIENT_ID and LINKEDIN_CLIENT_SECRET). These are appropriate for the stated purpose, but the registry failed to declare them. The skill will print tokens to stdout and recommends exporting them into environment variables, so users must take care to store secrets securely. The absence of declared required env vars in the metadata is the main proportionality concern.
Persistence & Privilege
ok
The skill does not request always:true and does not modify other skills or system-wide agent settings. It runs a temporary local HTTP server only for OAuth and otherwise acts as a user-invoked CLI/library. Autonomous model invocation is allowed (disable-model-invocation: false), which is the platform default; that combined with credential access increases blast radius but is not unusual for an integration skill.