技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.1.0
统计:⭐ 0 · 213 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:0xmythril/linkedin-cli-2
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's declared requirements and the runtime instructions mostly match the LinkedIn-posting purpose, but there are inconsistent or unexplained items (env var requirements and install metadata) and an install-from-GitHub step that should be audited before trusting it with OAuth credentials.
目的
Name/description (post to LinkedIn via API v2) align with required binary 'linkedin-cli' and the described commands. However, the declared required env vars include LINKEDIN_ACCESS_TOKEN while the SKILL.md's setup flow documents creating LINKEDIN_CLIENT_ID and LINKEDIN_CLIENT_SECRET and using 'linkedin-cli auth' to obtain a token — the ACCESS_TOKEN requirement is not explained in the instructions.
说明范围
SKILL.md instructions stay within the expected scope (install, create ~/.config/linkedin-cli/.env, run oauth, post/delete). The guidance to 'only post when explicitly asked' is policy text, not an enforced technical restriction — the agent can be invoked autonomously by default, so this is a behavior guideline rather than a safeguard. The skill claims no network calls except to LinkedIn endpoints, which cannot be verified from an instruction-o…
安装机制
INVALID LANGUAGE PAIR SPECIFIED. EXAMPLE: LANGPAIR=EN|IT USING 2 LETTER ISO OR RFC3066 LIKE ZH-CN. ALMOST ALL LANGUAGES SUPPORTED BUT SOME MAY HAVE NO CONTENT
证书
The skill declares three required env vars (LINKEDIN_CLIENT_ID, LINKEDIN_CLIENT_SECRET, LINKEDIN_ACCESS_TOKEN). Client ID/secret are reasonable for OAuth. Requiring LINKEDIN_ACCESS_TOKEN as a required env var is odd because the SKILL.md documents an interactive 'linkedin-cli auth' flow to obtain the token and stores credentials in ~/.config/linkedin-cli/.env. It's unclear whether an access token is mandatory up front or optional for headless o…
持久
The skill does not request always:true and does not ask to modify other skills or system-wide settings. It uses a per-user config file (~/.config/linkedin-cli/.env) which is proportionate. Note: the agent's ability to autonomously invoke the skill (disable-model-invocation: false) is the platform default; combined with OAuth posting rights this increases impact if the agent were compromised — consider restricting autonomous invocation if you a…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Linkedin Cli」。简介:Post to LinkedIn using the official API v2. Uses OAuth tokens so only post when…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0xmythril/linkedin-cli-2/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: linkedin-cli
description: Post to LinkedIn using the official API v2. Uses OAuth tokens so only post when explicitly asked or scheduled.
homepage: https://github.com/0xmythril/linkedin-cli
metadata: {"openclaw":{"emoji":"💼","requires":{"bins":["linkedin-cli"],"env":["LINKEDIN_CLIENT_ID","LINKEDIN_CLIENT_SECRET","LINKEDIN_ACCESS_TOKEN"]},"install":[{"id":"npm","kind":"shell","command":"npm install -g github:0xmythril/linkedin-cli#v1.0.0","bins":["linkedin-cli"],"label":"Install linkedin-cli v1.0.0 (npm)"}]}}
---
# linkedin-cli
Post to LinkedIn using the official API v2. This tool is rate-limited by LinkedIn, so **only use it when the user explicitly asks you to post, or during scheduled cron tasks**. Do not speculatively draft and post content.
## Setup
1. Install (pinned to release tag):
```bash
npm install -g github:0xmythril/linkedin-cli#v1.0.0
```
2. Create a LinkedIn app at https://www.linkedin.com/developers/apps
- Enable **Sign In with LinkedIn using OpenID Connect** and **Share on LinkedIn** products
- Add `http://localhost:8585/callback` to **Authorized redirect URLs**
3. Configure credentials (file is created with restricted permissions):
```bash
mkdir -p ~/.config/linkedin-cli
touch ~/.config/linkedin-cli/.env
chmod 600 ~/.config/linkedin-cli/.env
cat > ~/.config/linkedin-cli/.env << 'EOF'
LINKEDIN_CLIENT_ID=your_client_id
LINKEDIN_CLIENT_SECRET=your_client_secret
EOF
```
4. Authenticate (opens browser for OAuth):
```bash
linkedin-cli auth
```
5. Verify: `linkedin-cli whoami`
## Security
- **Credentials**: Stored in `~/.config/linkedin-cli/.env` (read by `dotenv` at runtime). Set `chmod 600` to restrict access.
- **No postinstall scripts**: The package has zero install scripts — verify via `npm pack --dry-run` or inspect `package.json`.
- **No telemetry or network calls** except to the official LinkedIn API (`api.linkedin.com`) and OAuth (`www.linkedin.com`) when you run a command.
- **Pinned install**: The install command pins to a specific release tag. Audit the source at https://github.com/0xmythril/linkedin-cli before installing.
- **Dependencies**: Only 3 runtime deps — `commander` (CLI parsing), `dotenv` (env file loading), `open` (browser launch for OAuth). No transitive dependencies beyond these.
## Commands
### Verify auth
```bash
linkedin-cli whoami
```
### Authenticate
```bash
linkedin-cli auth
```
### Post a text update
```bash
linkedin-cli post "Your post text here"
```
### Share a URL with commentary
```bash
linkedin-cli share "https://example.com/article" "Your commentary here"
```
### Delete a post
```bash
linkedin-cli delete <post-id-urn-or-url>
linkedin-cli delete https://www.linkedin.com/feed/update/urn:li:activity:7654321/
```
## Important rules
- **Do NOT post unless the user explicitly asks or a cron job triggers it.** LinkedIn rate-limits API usage.
- **Always confirm with the user** before posting or sharing. Show them the text first.
- **Keep posts professional** — LinkedIn is a professional network.
- linkedin-cli accepts raw numeric IDs, full URNs, and LinkedIn post URLs.
- If you get a 401 error, the token has expired (~60 days). Ask the user to run `linkedin-cli auth` to re-authenticate.
- This tool is for **posting only**. It cannot read feeds, search profiles, or send messages.