linkedin-dm

The code/spec implements a legitimate automation for personalized LinkedIn outreach but depends on high‑privilege components (browser session access and Google Sheets access) and unspecified auxiliary tools ('gog' CLI, browser extension/managed profile). There is no direct evidence of embedded malware or obfuscated malicious code in this document, however the supply‑chain and operational risks are significant: untrusted extensions or an unknown CLI could capture session tokens, message contents, and contact lists. Before use: verify provenance and source code of 'gog' and any browser extension/OpenClaw components, restrict OAuth scopes to the minimum required, run automation locally where possible, audit any third‑party binaries, and limit campaign volume to avoid account suspension.