linkedin-cli

SUSPICIOUS. The skill's functionality matches its stated LinkedIn CLI purpose, but it authenticates by harvesting live browser session cookies and forwarding them to an unofficial third-party library that uses undocumented LinkedIn endpoints instead of official OAuth APIs. That creates significant credential-handling and data-flow risk even though there is no direct evidence of deliberate malware or hidden exfiltration.