maxhub-linkedin
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: maxhub-linkedin Version: 1.1.2 The maxhub-linkedin skill is a well-structured LinkedIn data collection tool that interfaces with the MaxHub API (aconfig.cn). It features a sophisticated architecture including an LRU cache (shared/cache.js), request deduplication (shared/optimizer.js), and a cost-based decision engine (shared/decision.js) to optimize API usage. The code is transparent, lacks obfuscation, and only accesses the MAXHUB_API_KEY environment variable as required for its stated purpose. All network requests are directed to the legitimate service endpoint at https://www.aconfig.cn, and the agent instructions (SKILL.md and system.prompt.md) emphasize user consent for paid operations and data privacy.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad or multi-step request could consume API balance or send more query data than a single lookup.
The skill may make multiple external API calls for chained or bulk workflows, which can affect cost and data exposure, but the instructions disclose confirmation and call-count warnings.
链式调用:复杂需求可串联多个API完成(需用户明确确认后执行)... 批量操作(>10条)前会提示预计调用次数
Approve chained or bulk requests only when needed, keep page/count limits small, and monitor MaxHub usage.
Anyone able to run the skill with this environment variable can make MaxHub LinkedIn API requests that may use quota or balance.
The skill authenticates to the MaxHub API using a local environment variable, which is expected for the integration but still grants access to the user's provider account.
"authHeader": "x-api-key", "authEnvVar": "MAXHUB_API_KEY"
Use a dedicated, revocable API key with the minimum needed permissions or balance, and rotate it if you no longer use the skill.
Names, companies, job searches, or other query terms you provide may be visible to the MaxHub/aconfig.cn service.
The artifacts disclose that user-supplied LinkedIn search parameters are sent to an external provider, creating a data-sharing boundary users should understand.
本Skill通过MaxHub API(aconfig.cn)获取数据,用户查询参数将发送至该服务
Avoid submitting private or sensitive personal information, and review the provider's privacy and acceptable-use terms.
Recent LinkedIn query results may remain in the running process for a few minutes.
The optimization layer is configured to cache API responses briefly in memory, which is bounded and purpose-aligned but may temporarily retain recent query results.
cache: { maxSize: 50, defaultTTL: 3 * 60 * 1000 }Use the skill in a trusted runtime and restart or clear the process if you handled sensitive queries.