Trust Assessment
linkedin-automation received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 3 critical, 3 high, 2 medium, and 1 low severity. Key findings include persistence / self-modification instructions, an unpinned Python dependency version, and environment variable path manipulation for arbitrary file access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 16/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/red777777/inkedin-automation-that-really-works/scripts/lib/profile.py:7 |
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/red777777/inkedin-automation-that-really-works/scripts/linkedin.py:11 |
| CRITICAL | Environment Variable Path Manipulation for Arbitrary File Access: multiple scripts use environment variables (e.g., `CC_ACTIONS_FILE`, `LINKEDIN_BROWSER_PROFILE`, `LINKEDIN_LIKES_STATE`, `LINKEDIN_STYLE_FILE`) to determine file or directory paths. If an attacker can control these environment variables, they can force the skill to read from or write to arbitrary locations on the filesystem, leading to data exfiltration, data corruption, or potentially command injection if executable files are overwritten or created in sensitive locations. Avoid using environment variables for sensitive file paths. If necessary, validate paths rigorously to ensure they are within expected, sandboxed directories. Consider using a dedicated configuration file or a more secure method for path management. | LLM | scripts/cc-webhook.py:10 |
| HIGH | Browser Sandbox Disabled: the Playwright browser is launched with the `--no-sandbox` argument. Disabling the browser's sandbox significantly reduces the security boundary between the browser process (which interacts with potentially untrusted web content) and the host system. This increases the risk of a successful exploit escaping the browser and affecting the underlying operating system. Remove the `--no-sandbox` argument. Ensure the browser runs with its default security mechanisms enabled. If running in a containerized environment, ensure the container itself provides adequate isolation. | LLM | scripts/lib/browser.py:29 |
| HIGH | Python Module Search Path Manipulation via Environment Variable: the `LINKEDIN_VENV_PACKAGES` environment variable is used to inject an arbitrary path into Python's `sys.path`. An attacker controlling this environment variable could point it to a malicious directory containing modules with the same names as legitimate ones, leading to arbitrary code execution (e.g., by shadowing standard library modules or skill dependencies). Remove the ability to modify `sys.path` via environment variables. Rely on standard Python packaging mechanisms (e.g., virtual environments) to manage dependencies securely. | LLM | scripts/lib/browser.py:10 |
| HIGH | Data Exfiltration via User-Controlled Image Upload Path: the `create_post` function allows uploading an image specified by `image_path`, which is derived directly from a user-provided command-line argument (`--image`). An attacker could provide a path to a sensitive local file (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) as the `--image` argument, causing the skill to upload this file to LinkedIn. Implement strict validation and sanitization of `image_path`. Restrict image uploads to a designated, non-sensitive directory, or only allow URLs for images. If local file paths are necessary, ensure they are explicitly whitelisted or confirmed by the user through a secure UI. | LLM | scripts/lib/actions.py:90 |
| MEDIUM | Unpinned Python dependency version: requirement 'playwright>=1.40.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/red777777/inkedin-automation-that-really-works/scripts/requirements.txt:1 |
| MEDIUM | Excessive Permissions: Arbitrary URL Navigation: the `scrape_activity` function navigates the browser to a `profile_url` provided directly by the user via a command-line argument (`--profile-url`). While `page.goto` itself is not a command injection vector, it means the skill's browser will visit any URL specified by the user. This expands the attack surface, as the browser could be directed to malicious websites that attempt to exploit browser vulnerabilities or perform phishing attacks. Implement URL validation to ensure only trusted domains are visited, or warn the user explicitly about navigating to external, untrusted URLs. Consider isolating the browser process further if arbitrary URL navigation is a core feature. | LLM | scripts/lib/profile.py:18 |
| LOW | Debug Screenshots to World-Writable Temporary Directory: the `_debug_screenshot` function saves screenshots to `/tmp/linkedin_debug_*.png` on failure. While intended for debugging, if sensitive information is displayed on the page during an error, it could be written to a world-readable temporary directory, potentially exposing that data to other users or processes on the same system. Store debug screenshots in a more restricted directory with appropriate permissions, or encrypt them. Ensure sensitive data is not displayed on the page when an error occurs, if possible. | LLM | scripts/lib/actions.py:20 |
Full report: https://skillshield.io/report/a2c3564c0c85aef0 (powered by SkillShield)