LinkedIn automation via browser relay or cookies for messaging, profile viewing, and network actions.
Security Analysis
Medium confidence: The skill's instructions are coherent with LinkedIn automation, but it asks the user to extract/store an account session cookie (li_at) without declaring credentials and relies on a browser relay that grants broad access — this mismatch and the sensitive nature of session cookies merit caution.
The name/description match the instructions: browser relay or session cookie use for messaging, profile viewing, and network actions is consistent with LinkedIn automation. However, the skill references a sensitive credential (li_at cookie) and session attachment mechanisms but does not declare any required credential or primaryEnv — an omission that reduces transparency.
SKILL.md instructs the agent/operator to attach to a logged-in Chrome session via a browser-relay extension or to extract the li_at cookie from DevTools and store it for API requests. Those instructions explicitly enable reading and acting as the user's LinkedIn account (viewing messages, sending messages/requests). While it advises confirming messages, the guidance gives the agent/skill the ability to access sensitive account data and perform account actions; there are no strict limits in the instructions preventing reading/exporting data or automated exfiltration.
This is an instruction-only skill with no install spec or code files, so it does not write code to disk or pull external artifacts. That lowers installation risk, but the runtime risk comes from the described browser-relay and cookie usage rather than from install behavior.
The skill describes using/storing the LinkedIn session cookie (li_at), which is effectively a credential granting full account access. Yet the registry metadata lists no required env vars or primary credential. That mismatch (describing credential usage but not declaring it) is a transparency/privilege concern. A user-provided li_at value would be disproportionate relative to a simple helper unless the user fully understands and accepts the account-level access they are granting.
always:false (default) and normal autonomous invocation are used. Autonomous invocation combined with access to a browser session or a stored li_at cookie increases blast radius (the agent could read/send messages or perform network actions). The skill does include safety guidance (confirm before messaging, rate limits), but those are advisory and not enforcement mechanisms.
Guidance
This skill will attach to a logged-in browser session or ask you to extract your LinkedIn session cookie (li_at). That cookie grants full control of the account (read/send messages, connect/disconnect) — treat it as highly sensitive. Before installing: (1) do not paste li_at into untrusted UIs; prefer using a temporary browser-relay session and watch actions live; (2) verify the origin/author of any browser extension or relay tool you use; (3) only allow the skill to run interactively and require explicit confirmation for any send/connection action; (4) avoid storing li_at persistently and rotate your password/cookie if you suspect misuse; (5) if you need stronger safety, test on a throwaway account first or decline cookie-based mode. If you want, ask the publisher to declare a formal primary credential field and to document how the browser-relay handles user consent and audit logging.
Latest Release
v1.0.0
Initial release - Browser automation for LinkedIn messaging, profiles, and network actions
Published by @biostartechnology on ClawHub