Post to LinkedIn, comment, like, search organizations, and manage profiles via Pipedream OAuth integration.
Security Analysis
medium confidenceThe skill's requirements and behavior are largely consistent with its stated purpose (posting to LinkedIn via Pipedream/pdauth), but it reads local pdauth credentials and includes a Node script dependency that isn't declared — review before installing.
Name/description (LinkedIn via Pipedream) match the declared binary dependency (pdauth), the SKILL.md instructions (pdauth connect/status/call), and the included workaround script which calls Pipedream actions. Dependency on pdauth is expected for this functionality.
Most runtime instructions stick to the stated purpose (connect via OAuth, call Pipedream tools to post/comment/like/search). However the included org-post.mjs script reads the user's ~/.config/pdauth/config.json (clientId/clientSecret/projectId) and uses the Pipedream SDK to run an action directly as a workaround. That file access is within the domain of using pdauth but is not explicitly called out as a sensitive operation in the main metadata, so users should be aware the skill will read local auth configuration.
There is no external download or remote URL; the skill depends on the pdauth skill/CLI which is coherent. The org-post.mjs file imports '@pipedream/sdk' and requires Node to run, but the skill metadata does not declare Node/npm or that package as an install step — that is a minor coherence gap (the script will fail unless the runtime provides @pipedream/sdk or the user installs it).
The skill declares no required environment variables, but the included script reads ~/.config/pdauth/config.json which contains clientId, clientSecret, and projectId (sensitive credentials). Reading those local secrets is explainable by the workaround, but the metadata does not declare access to those secrets. Users should expect the skill to access their pdauth config (client credentials and project info).
always is false and the skill does not request elevated or permanent placement. It does not modify other skills or global agent settings. Autonomous invocation is allowed (default) but not combined with other high-risk factors.
Guidance
This skill appears to do what it says (use Pipedream/pdauth to interact with LinkedIn), but review a few things before installing: - The included Node script (org-post.mjs) reads ~/.config/pdauth/config.json and will access clientId/clientSecret/projectId stored by pdauth — these are sensitive credentials. Only install if you trust the skill owner and understand that the script uses your local pdauth credentials. - The script imports '@pipedream/sdk' and expects Node to be available; the skill metadata doesn't declare Node/npm or that package as an install step. If you plan to use the workaround, ensure you have Node and the @pipedream/sdk dependency installed or run the commands through the pdauth CLI instead. - Check the hard-coded defaults (default orgId, userId, authProvisionId) in org-post.mjs — they may not match your accounts; inspect and edit the script if needed. - Prefer using the pdauth CLI flows (connect/status/call) when possible because they avoid the skill reading your local client secret; use the script only if you understand and accept the local credential access. If you want higher assurance, ask the publisher for: (a) a signed source or canonical repository, (b) an explicit install step for Node/@pipedream/sdk, and (c) confirmation that the script will not transmit credentials to any endpoint other than Pipedream's official API.
Latest Release
v1.0.0
- Initial release of linkedin-pipedream skill. - Enables posting, commenting, liking, searching organizations, and managing LinkedIn profiles via Pipedream OAuth integration. - Includes 19 tools for LinkedIn automation; most work via MCP, with organization posting requiring a workaround. - Requires prior installation and configuration of the pdauth skill for authentication. - Detailed usage examples and tool reference provided in documentation.
More by @G9Pedro
Published by @G9Pedro on ClawHub
