Oathe Security Badge

Is arun-8687/linkedin-cli safe?

https://github.com/openclaw/skills/tree/main/skills/arun-8687/linkedin-cli

82
SAFE

This LinkedIn CLI skill provides legitimate functionality for accessing LinkedIn data through session cookies, but requires sensitive credentials that could be misused. The implementation appears clean with no malicious code detected, though it may violate LinkedIn's Terms of Service.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (4)

MEDIUM Accesses Sensitive LinkedIn Session Cookies -20

The skill requires the LINKEDIN_LI_AT and LINKEDIN_JSESSIONID environment variables, which hold sensitive session cookies that provide full access to the user's LinkedIn account. These credentials could be misused if compromised.

LOW Executable Python Script -15

The skill contains an executable Python script that interacts with LinkedIn's API. While the code appears legitimate, it represents executable functionality within the skill.

LOW Potential Terms of Service Violations -30

Automated access to LinkedIn through session cookies may violate LinkedIn's Terms of Service and could result in account suspension. The tool enables programmatic access to profile data, messaging, and feed content.

INFO Third-Party Dependency 0

The skill depends on the linkedin-api Python package for LinkedIn API access. This is a legitimate library but introduces external dependency risk.