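📦 Unipile LinkedIn SDK — LinkedIn Integration Tool
v1.5.0 Built on the official Unipile Node.js SDK, this skill handles LinkedIn messaging, InMail, profile viewing, connection management, posting and engagement in one place.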
Last updated: 2026/3/21
Security scan
OpenClaw
Safe
High confidence: The skill is internally consistent with its stated purpose (a Unipile Node.js client for LinkedIn actions) and requests only the DSN and access token needed to call the Unipile API; nothing in the files suggests unrelated data access or hidden behavior.
Assessment recommendations
This skill appears to do exactly what it claims. Before installing: (1) Verify you trust the Unipile service and the source of the skill (homepage/source URLs point to clawhub.ai, but the package author is unidentified in the bundle). (2) Prefer UNIPILE_PERMISSIONS=read for least privilege unless you explicitly need write operations. (3) Ensure UNIPILE_DSN points to the official Unipile endpoint from dashboard.unipile.com (do not set it to a third-party server you don't trust). (4) Audit the npm...
✓ Purpose and capabilities
Name/description (Unipile LinkedIn SDK) match the code and instructions: the CLI uses unipile-node-sdk and requires UNIPILE_DSN and UNIPILE_ACCESS_TOKEN to interact with LinkedIn via Unipile. These credentials are appropriate for the declared functionality. Minor metadata inconsistency: registry/summary at the top lists 'Required env vars: none' while SKILL.md and the script clearly declare required env vars.
✓ Instruction scope
SKILL.md and scripts/linkedin.mjs limit actions to Unipile API calls (profiles, posts, messaging, invites). Instructions tell users to npm install the official SDK and set the DSN/TOKEN; the runtime script only reads the documented env vars and command-line args. There are no instructions to read unrelated files, system secrets, or to send data to unexpected endpoints (the DSN is provided by the user).
✓ Install mechanism
No install spec in the skill bundle (instruction-only) and the docs simply recommend 'npm install unipile-node-sdk', which is a normal, low-risk public-registry dependency. The repository includes package.json and package-lock.json with standard npm packages; there are no archive downloads or remote extract steps.
✓ Credential requirements
The environment variables requested (UNIPILE_DSN, UNIPILE_ACCESS_TOKEN, optional UNIPILE_PERMISSIONS) are proportional and necessary for the described Unipile integration. The SKILL.md marks UNIPILE_ACCESS_TOKEN as primaryEnv; this is expected. Note: the earlier top-level metadata omitted these required env vars, which is an inconsistency to be aware of but does not itself indicate extra privilege.
✓ Persistence and privileges
The skill does not request always:true, does not modify other skills, and does not require persistent system-level privileges. It is user-invocable and allows autonomous invocation (platform default) but that is not unusual and is not combined with other red flags here.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v1.5.0 2026/3/21
Added optionalEnv declaration for UNIPILE_PERMISSIONS. Emphasized least-privilege (read-only) as recommended default. Added security section at top with permission guidance.
● Benign
Install commands
Official: npx clawhub@latest install unipile-linkedin-sdk
Mirror: npx clawhub@latest install unipile-linkedin-sdk --registry https://cn.longxiaskill.com