← Back to Skills Marketplace
Unipile Linkedin Sdk
by
Mohit Yadav
· GitHub ↗
· v1.5.0
· MIT-0
177
Downloads
2
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install unipile-linkedin-sdk
Description
LinkedIn integration via Unipile's official Node.js SDK. Send messages, InMail, view profiles, manage connections, create posts, and interact with content. U...
Usage Guidance
This skill appears to do exactly what it claims. Before installing: (1) Verify you trust the Unipile service and the source of the skill (homepage/source URLs point to clawhub.ai, but the package author is unidentified in the bundle). (2) Prefer UNIPILE_PERMISSIONS=read for least privilege unless you explicitly need write operations. (3) Ensure UNIPILE_DSN points to the official Unipile endpoint from dashboard.unipile.com (do not set it to a third-party server you don't trust). (4) Audit the npm package 'unipile-node-sdk' (version constraints) on the npm registry if you want extra assurance, and avoid reusing the same token across unrelated services.
Capability Analysis
Type: OpenClaw Skill
Name: unipile-linkedin-sdk
Version: 1.5.0
This skill is a legitimate integration for LinkedIn using the official `unipile-node-sdk`. It provides a CLI wrapper (`scripts/linkedin.mjs`) for managing LinkedIn profiles, messages, and posts via the Unipile API. The skill includes proactive security documentation and implements a permission-gating system based on the `UNIPILE_PERMISSIONS` environment variable to restrict the agent to read-only or write access. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description (Unipile LinkedIn SDK) match the code and instructions: the CLI uses unipile-node-sdk and requires UNIPILE_DSN and UNIPILE_ACCESS_TOKEN to interact with LinkedIn via Unipile. These credentials are appropriate for the declared functionality. Minor metadata inconsistency: registry/summary at the top lists 'Required env vars: none' while SKILL.md and the script clearly declare required env vars.
Instruction Scope
SKILL.md and scripts/linkedin.mjs limit actions to Unipile API calls (profiles, posts, messaging, invites). Instructions tell users to npm install the official SDK and set the DSN/TOKEN; the runtime script only reads the documented env vars and command-line args. There are no instructions to read unrelated files, system secrets, or to send data to unexpected endpoints (the DSN is provided by the user).
Install Mechanism
No install spec in the skill bundle (instruction-only) and the docs simply recommend 'npm install unipile-node-sdk', which is a normal, low-risk public-registry dependency. The repository includes package.json and package-lock.json with standard npm packages; there are no archive downloads or remote extract steps.
Credentials
The environment variables requested (UNIPILE_DSN, UNIPILE_ACCESS_TOKEN, optional UNIPILE_PERMISSIONS) are proportional and necessary for the described Unipile integration. The SKILL.md marks UNIPILE_ACCESS_TOKEN as primaryEnv; this is expected. Note: the earlier top-level metadata omitted these required env vars, which is an inconsistency to be aware of but does not itself indicate extra privilege.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not require persistent system-level privileges. It is user-invocable and allows autonomous invocation (platform default) but that is not unusual and is not combined with other red flags here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install unipile-linkedin-sdk - After installation, invoke the skill by name or use
/unipile-linkedin-sdk - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
Added optionalEnv declaration for UNIPILE_PERMISSIONS. Emphasized least-privilege (read-only) as recommended default. Added security section at top with permission guidance.
v1.4.0
Added permission system (UNIPILE_PERMISSIONS) for read/write access control. Use 'read' for safe data scraping, 'write' for write operations, or 'read,write' for full access (default).
v1.3.2
Security fix: Removed recommendation to store credentials in workspace files. Now recommends environment variables, secrets managers, or CI/CD secrets only.
v1.3.1
Fixed metadata: added source URL, corrected version, added Security & Trust section with credential handling, SDK verification, and provenance info.
v1.3.0
Restored CLI script (scripts/linkedin.mjs) for practical command-line usage. Added invocation examples and error handling docs.
v1.2.0
Added invocation examples for common use cases: profile lookup, posts by date range, messaging, invitations. Enhanced error handling docs with all error types.
v1.1.0
Refactored for AI-agent-optimized format: quick reference tables, concise method docs, removed CLI scripts
v1.0.0
Initial release - LinkedIn SDK integration with messaging, profiles, posts, and invitations
Metadata
Frequently Asked Questions
What is Unipile Linkedin Sdk?
LinkedIn integration via Unipile's official Node.js SDK. Send messages, InMail, view profiles, manage connections, create posts, and interact with content. U... It is an AI Agent Skill for Claude Code / OpenClaw, with 177 downloads so far.
How do I install Unipile Linkedin Sdk?
Run "/install unipile-linkedin-sdk" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Unipile Linkedin Sdk free?
Yes, Unipile Linkedin Sdk is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Unipile Linkedin Sdk support?
Unipile Linkedin Sdk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Unipile Linkedin Sdk?
It is built and maintained by Mohit Yadav (@mohit21gojs); the current version is v1.5.0.
More Skills