AI Roast Linkedin Profile
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: linkedin-profile-roast Version: 1.0.1 The skill is a straightforward integration for a hosted service (constants.io) designed to scrape LinkedIn profiles and generate AI-based audio roasts. It requires a standard API key (CONSTANTS_API_KEY) and utilizes a specific CLI tool (constants-skills) via npm. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The API key authorizes calls against the user's Constants account, so exposure or misuse could cause unwanted account usage.
The artifact clearly requires a Constants API key. This is expected for a hosted Constants tool and there is no evidence of hardcoded credentials or unrelated credential use.
required_env_vars: - CONSTANTS_API_KEY primary_credential: CONSTANTS_API_KEY
Keep the Constants API key secret, use a limited-scope key if Constants supports it, and revoke/regenerate the key if it is exposed.
The submitted profile URL and resulting profile-derived content may be processed by Constants to generate the roast audio and text.
The skill sends the supplied LinkedIn profile URL to the external Constants API for hosted processing, which is central to the stated purpose but is still an external data flow.
curl -X POST https://www.constants.io/api/v1/run/linkedin_ai_roast_generator_0edc9796 ... -d '{"linkedinUrl":"..."}'Only submit profiles you are comfortable sending to Constants, and review Constants' privacy and usage terms before using the tool.
Installing and running the skill depends on the Constants CLI/package and hosted backend rather than local reviewed code in the artifact.
The skill relies on a hosted Constants tool and a Constants npm/CLI installation path. This is disclosed and purpose-aligned, but users are trusting that external tooling and hosted service.
source: hosted ... package: constants-skills ... npx constants-skills install linkedin_ai_roast_generator_0edc9796
Install Constants tooling from the official source, verify the package name before running npx commands, and keep the CLI updated.