linkedin-content-optimizer-engagement-booster 安全扫描报告 — 低风险 | ClawSafe

5 /100

linkedin-content-optimizer-engagement-booster

Analyze LinkedIn engagement patterns, optimize posting times, rewrite content for maximum reach, and automate personalized outreach sequences

Pure documentation skill (SKILL.md only) with no executable code. The flagged 'hardcoded credentials' are clearly placeholder template values (e.g., 'your_linkedin_api_key_here') intended to be replaced by users, not actual exposed secrets.

技能名称linkedin-content-optimizer-engagement-booster

分析耗时25.6s

引擎pi

✓

可以安装

No action required. This is safe documentation for a LinkedIn optimization skill. Users should follow the setup instructions to configure their own API keys as environment variables.

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	SKILL.md - no file operations in documentation
网络访问	`NONE`	`NONE`	—	SKILL.md - URLs are documentation links only
命令执行	`NONE`	`NONE`	—	SKILL.md - no shell commands
环境变量	`NONE`	`NONE`	—	SKILL.md - describes env vars but doesn't read them
技能调用	`NONE`	`NONE`	—	SKILL.md - no nested skill invocations
剪贴板	`NONE`	`NONE`	—	SKILL.md - no clipboard operations
浏览器	`NONE`	`NONE`	—	SKILL.md - no browser automation
数据库	`NONE`	`NONE`	—	SKILL.md - no database operations

4 高危 8 项发现

🔑

高危 API 密钥疑似硬编码凭证

API_KEY="your_linkedin_api_key_here"

SKILL.md:148

🔑

高危 API 密钥疑似硬编码凭证

ACCESS_TOKEN="your_oauth_token"

SKILL.md:149

🔑

高危 API 密钥疑似硬编码凭证

API_KEY="your_google_api_key"

SKILL.md:156

🔑

高危 API 密钥疑似硬编码凭证

API_KEY="your_hubspot_key"

SKILL.md:163

🔗

中危外部 URL 外部 URL

https://hooks.slack.com/services/...

SKILL.md:160

🔗

中危外部 URL 外部 URL

https://www.linkedin.com/developers/apps

SKILL.md:168

🔗

中危外部 URL 外部 URL

https://platform.openai.com/api-keys

SKILL.md:171

🔗

中危外部 URL 外部 URL

https://api.linkedin.com/v2/me

SKILL.md:180

目录结构

1 文件 · 15.0 KB · 404 行

Markdown 1f · 404L

└─ 📝 SKILL.md Markdown 404L · 15.0 KB

安全亮点

✓ No executable code present - skill is documentation only

✓ No malicious patterns detected (no base64, no obfuscation, no curl|bash)

✓ API key references are clearly marked as placeholder examples

✓ No sensitive file paths accessed (no ~/.ssh, ~/.aws, .env)

✓ No credential exfiltration mechanisms

✓ No reverse shell, C2, or data theft indicators