linkedin

Warn

Audited by Socket on Mar 11, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

The LinkedIn automation skill is broadly aligned with its stated purpose of manipulating LinkedIn content and profiles via browser automation. However, the install pathway relies on an external, unverifiable script (curl | bash from a non-official domain), which introduces supply-chain risk. The credential handling is dual-mode (manual login vs environment variables); while designed to be privacy-conscious, local credential storage raises risk on shared or compromised hosts. Data flows are largely confined to the user's session with LinkedIn, but session data and credentials stored locally create potential leakage points. Overall, the footprint is suspicious due to the unverifiable install source, with medium risk of credential exposure and autonomous action without per-step user confirmation. Treat as SUSPICIOUS with focus on securing install provenance and ensuring explicit per-action user consent and minimized credential exposure.

Confidence: 72%

Severity: 62%

Audit Metadata

Analyzed At: Mar 11, 2026, 08:50 PM

Package URL: pkg:socket/skills-sh/manojbajaj95%2Fclaude-gtm-plugin%2Flinkedin%2F@f3be614245da7a8644a3ff9c7e31ae7cd53b57f9