maxhub-linkedin

Pass. Audited by ClawScan on May 13, 2026.

Overview

The provided artifacts show a coherent LinkedIn data-collection skill that uses a MaxHub API key and sends user queries to aconfig.cn, with no evidence of malicious behavior.

Install only if you are comfortable sending LinkedIn-related search terms to MaxHub/aconfig.cn and using a MaxHub API key. Use a dedicated key, monitor balance usage, keep bulk requests limited, and avoid submitting private personal information.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A broad or multi-step request could consume API balance or send more query data than a single lookup.

Why it was flagged

The skill may make multiple external API calls for chained or bulk workflows, which can affect cost and data exposure, but the instructions disclose confirmation and call-count warnings.

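Skill content

Chained calls: complex requests can be completed by chaining multiple APIs (executed only after explicit user confirmation)... Before bulk operations (>10 items), the estimated number of calls is shown

Recommendation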

Approve chained or bulk requests only when needed, keep page/count limits small, and monitor MaxHub usage.

What this means

Anyone able to run the skill with this environment variable can make MaxHub LinkedIn API requests that may use quota or balance.

Why it was flagged

The skill authenticates to the MaxHub API using a local environment variable, which is expected for the integration but still grants access to the user's provider account.

Skill content

"authHeader": "x-api-key", "authEnvVar": "MAXHUB_API_KEY"

Recommendation

Use a dedicated, revocable API key with the minimum needed permissions or balance, and rotate it if you no longer use the skill.

What this means

Names, companies, job searches, or other query terms you provide may be visible to the MaxHub/aconfig.cn service.

Why it was flagged

The artifacts disclose that user-supplied LinkedIn search parameters are sent to an external provider, creating a data-sharing boundary users should understand.

Skill content

This Skill retrieves data through the MaxHub API (aconfig.cn); user query parameters are sent to that service

Recommendation

Avoid submitting private or sensitive personal information, and review the provider's privacy and acceptable-use terms.

What this means

Recent LinkedIn query results may remain in the running process for a few minutes.

Why it was flagged

The optimization layer is configured to cache API responses briefly in memory, which is bounded and purpose-aligned but may temporarily retain recent query results.

Skill content

cache: { maxSize: 50, defaultTTL: 3 * 60 * 1000 }

Recommendation

Use the skill in a trusted runtime and restart or clear the process if you handled sensitive queries.