Back to skill

Security audit

LinkedIn Automation by Zich (BradAI's OpenClaw)

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent LinkedIn automation helper, but it can guide actions from the user's logged-in LinkedIn account.

Install only if you want OpenClaw to help operate your LinkedIn account through the browser. Review every post, comment, image upload, engagement batch, analytics extraction, and scheduled job before allowing it to run, and use it only with the intended LinkedIn profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description is broad enough to trigger on many ordinary LinkedIn-related requests, which increases the chance the agent will invoke automation in situations the user did not clearly intend. Because the skill performs actions on a logged-in social media account, overbroad activation can lead to unintended posting, engagement, or data access with reputational and account-integrity consequences.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The top-level description lacks activation guardrails, so requests about LinkedIn presence, growth, or content could match even when the user only wants information rather than account actions. In a skill that assumes an authenticated browser session, missing constraints materially raises the risk of unintended use of the user's account.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow documents automated posting and scheduled posting without prominently warning that these actions can publish content publicly from the user's logged-in LinkedIn account. That omission is dangerous because users may not appreciate that browser automation can create irreversible public actions, harm reputation, or trigger platform enforcement if misused.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The engagement automation section describes liking and commenting on posts from the user's logged-in account without an explicit warning about account misuse, accidental interactions, or terms-of-service and anti-abuse risks. In context, automated engagement can impersonate the user's professional voice, create unwanted public associations, and expose the account to restriction or reputational damage.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
exit 1
fi

# Output instructions for the agent to execute via browser tool
cat << EOF
📝 LINKEDIN POST WORKFLOW
═══════════════════════════════════════
Confidence
93% confidence
Finding
Output instructions

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.