Back to skill

Security audit

Keyapi Linkedin

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent LinkedIn KeyAPI integration, but it needs review because it can retrieve personal contact data and stores the API token persistently in a shell profile.

Install only if you are comfortable giving this skill a KeyAPI token and using it to retrieve LinkedIn profile and contact data. Prefer interactive or temporary environment-variable setup over the --token command-line option, avoid syncing shell profiles that contain secrets, and use contact-info features only for authorized, lawful, minimum-necessary purposes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script writes KEYAPI_TOKEN into the user's shell profile or PowerShell profile, creating long-lived persistence for a sensitive API credential. While this may be intended as convenience, persisting secrets in startup files increases exposure to accidental disclosure through backups, dotfile syncing, local inspection, or reuse by unrelated processes, and that persistence is broader than necessary for a LinkedIn-analysis skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The module explicitly supports retrieving LinkedIn user contact information for outreach preparation, but it provides no user-facing warning, consent boundary, or privacy-use limitation. In a people-enrichment skill, this omission increases the risk of misuse for unsolicited outreach, privacy-invasive profiling, or collection of personal contact data without adequate transparency.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The scenario guidance explicitly routes requests for LinkedIn user contact information and follower/connection details, but it provides no privacy notice, consent requirement, or usage restriction for handling personal data. Because this skill is designed to perform live API calls against profile data, the omission can enable collection or enrichment of sensitive personal information without clear safeguards, increasing privacy, compliance, and misuse risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script accepts --token on the command line and then processes it normally, but command-line secrets can be exposed through shell history, process listings, terminal logging, and debugging tools. Even if no immediate leak occurs in the script itself, encouraging this input path without warning or safer alternatives creates a realistic credential exposure risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.secret_argv_exposure

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/keyapi-api.mjs:127

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
references/setup-and-auth.md:42