linkedin-engineer

SUSPICIOUS. The skill’s stated purpose is benign documentation/persona guidance, but its install path is not proportionate: it imports mutable third-party raw GitHub content from a personal repo into persistent Claude memory rather than using an official skill mechanism. No credential theft or exfiltration is evident, so this is not malware, but the transitive trust and persistence make it a medium supply-chain risk.