📦 The LinkedIn Optimization Toolkit — 实用工具
v1.0.0接口 key generation, verification, 和 lifecycle management 使用 centralized administrative control.
0· 131·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
medium confidenceThe package's files implement a centralized API key management service, but the skill's name/metadata, lack of declared credentials, and runtime instructions that send sensitive keys to an external domain are inconsistent and warrant caution.
评估建议
Do not provide real admin keys or production API keys to this skill until you verify the operator and data handling. Questions to resolve before installing: who runs api.mkkpro.com/toolweb.in, where and how are keys stored and encrypted, what is the retention/audit policy, and does the service meet your compliance requirements? The naming mismatch (LinkedIn vs Key Management) is suspicious — ask the publisher for provenance or use a vetted, on-prem/key-management solution instead. If you want to...详细分析 ▾
⚠ 用途与能力
The skill is named "The LinkedIn Optimization Toolkit" but the SKILL.md and openapi.json describe a "Central Key Management System" (API key generation/verification/revocation). The name/slug and description don't match the actual functionality in the bundled docs, which suggests mislabeling or packaging error.
⚠ 指令范围
Runtime instructions are just cURL/HTTP examples that send API keys, admin_key values, and session data to https://api.mkkpro.com (ToolWeb). While that matches a key-management purpose, it also means sensitive keys and admin credentials will be transmitted to an external third party. The SKILL.md does not describe data retention, encryption, or who operates the remote service.
✓ 安装机制
Instruction-only skill with no install spec and no code files to install — nothing is written to disk by an installer. This is lower install risk.
⚠ 凭证需求
The service clearly requires an administrative key (admin_key) and accepts API keys, but the registry metadata declares no required environment variables or primary credential. A key management skill would normally declare how credentials are supplied and protected. The absence of declared credentials combined with instructions that send secrets to an external host is disproportionate and unclear.
✓ 持久化与权限
The skill does not request persistent/always-on privileges, does not change other skills' configs, and does not include install-time persistence — no elevated platform privilege is requested.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install toolweb-the-linkedin-optimization-toolkit
镜像加速npx clawhub@latest install toolweb-the-linkedin-optimization-toolkit --registry https://cn.longxiaskill.com镜像同步中