Audited by Socket on Mar 9, 2026
1 alert found:
Obfuscated File
The LinkedIn skill presents a coherent purpose as a comprehensive automation CLI; however, its footprint introduces notable security and compliance concerns: reliance on a third-party cloud-browser service for LinkedIn actions, handling of authentication tokens via user-provided tokens, and potential data exfiltration through JSON outputs and external endpoints. The absence of explicit secure-by-design measures (token redaction in logs, explicit TLS/pinning details, auditable source of the Linked API client, and adherence to LinkedIn's terms) elevates risk. Overall, the capability-set is broadly aligned with the stated purpose, but the trust and data-flow patterns warrant being classified as SUSPICIOUS with a leaning toward MEDIUM risk until source integrity, data handling, and compliance controls are clarified and verified.