功能描述

Bulletproof LinkedIn inbox monitoring with progressive autonomy. Monitors messages hourly, drafts replies in your voice, and alerts you to new conversations. Supports 4 autonomy levels from monitor-only to full autonomous.

使用说明 (SKILL.md)

LinkedIn Monitor

Name: Linkedin Monitor
Author: dylanbaker24

Reliable LinkedIn inbox monitoring for Clawdbot.

Features

Hourly monitoring — Checks inbox every hour, 24/7
Deterministic state — No duplicate notifications, ever
Progressive autonomy — Start supervised, graduate to autonomous
Health checks — Alerts when auth expires or things break
Your voice — Drafts replies using your communication style

Quick Start

# 1. Setup (interactive)
linkedin-monitor setup

# 2. Verify health
linkedin-monitor health

# 3. Run manually (test)
linkedin-monitor check

# 4. Enable cron (hourly)
linkedin-monitor enable

Autonomy Levels

Level	Name	Behavior
0	Monitor Only	Alerts to new messages only
1	Draft + Approve	Drafts replies, waits for approval
2	Auto-Reply Simple	Auto-handles acknowledgments, scheduling
3	Full Autonomous	Replies as you, books meetings, networks

Default: Level 1 — Change with linkedin-monitor config autonomyLevel 2

Commands

linkedin-monitor setup      # Interactive setup wizard
linkedin-monitor health     # Check auth status
linkedin-monitor check      # Run one check cycle
linkedin-monitor enable     # Enable hourly cron
linkedin-monitor disable    # Disable cron
linkedin-monitor status     # Show current state
linkedin-monitor config     # View/edit configuration
linkedin-monitor logs       # View recent activity
linkedin-monitor reset      # Clear state (start fresh)

Configuration

Location: ~/.clawdbot/linkedin-monitor/config.json

{
  "autonomyLevel": 1,
  "alertChannel": "discord",
  "alertChannelId": "YOUR_CHANNEL_ID",
  "calendarLink": "cal.com/yourname",
  "communicationStyleFile": "USER.md",
  "timezone": "America/New_York",
  "schedule": "0 * * * *",
  "morningDigest": {
    "enabled": true,
    "hour": 9,
    "timezone": "Asia/Bangkok"
  },
  "safetyLimits": {
    "maxMessagesPerDay": 50,
    "escalationKeywords": ["angry", "legal", "refund"],
    "dailyDigest": true
  }
}

How It Works

Monitoring Flow

1. Health Check
   └── Verify LinkedIn auth (lk CLI)
   
2. Fetch Messages
   └── lk message list --json
   
3. Compare State
   └── Filter: only messages not in state file
   
4. For Each New Message
   ├── Level 0: Alert only
   ├── Level 1: Draft reply → Alert → Wait for approval
   ├── Level 2: Simple = auto-reply, Complex = draft
   └── Level 3: Full autonomous response
   
5. Update State
   └── Record message IDs (prevents duplicates)

State Management

State is managed by scripts, not the LLM. This guarantees:

No duplicate notifications
Consistent behavior across sessions
Visible state for debugging

State files: ~/.clawdbot/linkedin-monitor/state/

Sending Approved Messages

When at Level 1, approve drafts with:

send [name]           # Send draft to [name]
send all              # Send all pending drafts
edit [name] [text]    # Edit draft before sending
skip [name]           # Discard draft

Troubleshooting

"Auth expired"

lk auth login
linkedin-monitor health

"No messages found"

linkedin-monitor check --debug

Duplicate notifications

linkedin-monitor reset  # Clear state
linkedin-monitor check  # Fresh start

Dependencies

lk CLI (LinkedIn CLI) — npm install -g lk
jq (JSON processor) — brew install jq

Files

~/.clawdbot/linkedin-monitor/
├── config.json          # Your configuration
├── state/
│   ├── messages.json    # Seen message IDs
│   ├── lastrun.txt      # Last check timestamp
│   └── drafts.json      # Pending drafts
└── logs/
    └── activity.log     # Activity history

安全使用建议

This skill can monitor LinkedIn, but proceed cautiously: - Credentials: The code expects LinkedIn session cookies (li_at and JSESSIONID) though the registry metadata doesn't declare them. These are sensitive session tokens — only supply them if you trust the code and the Clawdbot runtime. Prefer short-lived/test tokens and rotate them after testing. - Storage: Credentials are saved in plaintext to ~/.clawdbot/linkedin-monitor/credentials.json by lk.py; consider securing that file (strict permissions) or avoid persistent storage by using environment vars temporarily. - Drafting and sending: The README/SKILL.md promise drafting replies in your voice and autonomous reply levels, but the repository contains no explicit LLM-call that generates drafts or any implementation to send messages. Draft generation appears to be expected to happen on the agent/Clawdbot side when it processes monitor output. Verify where drafts are created and how 'send' actions are executed before enabling autonomous modes (especially Level 2/3). - Autonomy: Keep the skill in monitor-only or draft+approve mode while you audit behavior. Enabling full autonomous replies (Level 3) before you confirm where drafts are generated and how sends are executed is risky. - Channel outputs: Alerts are delivered via Clawdbot messaging to external channels (Discord, Telegram, Slack, WhatsApp, Signal). Confirm that Clawdbot's outbound integration to those services is configured securely and that you trust those channels to receive message content. - Compliance and TOS: Extracting and reusing LinkedIn cookies may violate LinkedIn terms of service. Confirm you accept that risk. What would change this assessment: if the registry metadata were corrected to declare the required LinkedIn credentials, if credential storage were encrypted or optional, and if the skill included an explicit, auditable component that generates drafts and performs sends (or clearly documented that the agent will produce drafts and that sends require explicit operator approval).

功能分析

Type: OpenClaw Skill Name: linkedin-monitor Version: 1.1.0 This skill is classified as suspicious due to its reliance on high-risk capabilities and the local storage of sensitive session cookies. It requires persistent `cron` jobs for hourly monitoring, extensive `browser` tool access to interact with LinkedIn, and stores LinkedIn session cookies (`li_at`, `jsessionid`) in `~/.clawdbot/linkedin-monitor/credentials.json` (as seen in `scripts/lk.py`). While these capabilities are explicitly declared in `package.json` and `SKILL.md` and are necessary for the skill's stated purpose of LinkedIn inbox monitoring, the local storage of session cookies presents a vulnerability if the local system is compromised. The instructions to the agent in markdown files (`SKILL.md`, `CRON-PAYLOAD.md`, `scripts/check-browser.sh`, `scripts/ensure-browser.sh`) are transparent and directly related to the skill's function, showing no evidence of malicious prompt injection or intent to exfiltrate data beyond its stated purpose.

能力评估

⚠ Purpose & Capability

The skill claims browser-based monitoring and drafting replies. The repo contains both a browser-based cron payload and an API-path (scripts/lk.py) that requires LinkedIn session cookies. Registry metadata declared no required credentials, but the code clearly needs LINKEDIN_LI_AT and JSESSIONID (or a credentials.json). Also the repository contains no explicit implementation that sends replies — draft generation and sending are implicit/expected to be performed by the agent/Clawdbot, which is not documented as a required piece. These omissions/inconsistencies reduce confidence that the requested resources align cleanly with the stated purpose.

⚠ Instruction Scope

Runtime instructions and code instruct the operator/agent to extract LinkedIn cookies from the browser devtools and save them to ~/.clawdbot/linkedin-monitor/credentials.json (or set environment variables). That is sensitive (session tokens). Scripts read/write state, logs, drafts, and config under ~/.clawdbot — expected for a monitor, but the SKILL.md and scripts also rely on an external Clawdbot messaging system to post alerts to channels (Discord/Telegram/Slack/WhatsApp/Signal). Draft creation is described in prose, but no local code calls an LLM to generate drafts; draft content appears to be expected from the Clawdbot agent that consumes the monitor output. The instructions also tell users to keep a browser profile open 24/7. Overall the scope includes collecting and storing session tokens and message content and sending them to external alert channels, which is coherent for a monitor but sensitive and not fully explicit in the registry metadata.

✓ Install Mechanism

There is no installer that downloads code at runtime — the skill is instruction-plus-scripts. package.json exists but there's no install spec that pulls arbitrary URLs; dependencies referenced are standard (linkedin-api python package, jq, optional 'lk' npm package). No remote, unvetted archive downloads or URL-shortened installers were found.

⚠ Credentials

The registry metadata lists no required environment variables or primary credential, yet scripts/lk.py requires LINKEDIN_LI_AT and LINKEDIN_JSESSIONID (or a credentials.json). That mismatch is a red flag: the skill needs sensitive LinkedIn session cookies to function but does not declare them in its manifest. The scripts persist credentials in plaintext under the user's home directory. The skill also expects a browser profile logged-in to LinkedIn and a channel ID for alerts (Discord/other). The number and sensitivity of required secrets (LinkedIn session cookies) are significant and should be explicitly declared and justified in the metadata.

ℹ Persistence & Privilege

The skill is not configured always:true and thus is not force-included. It can be invoked autonomously (platform default). Because it needs LinkedIn session credentials and can operate on a schedule (cron), autonomous invocation increases its blast radius — review autonomy-level controls before enabling auto-reply modes. The skill does not modify other skills or system-wide configs, and state is kept under its own ~/.clawdbot path.

版本历史

v1.1.0

- Updated CRON-PAYLOAD.md and README.md to reflect latest usage and configuration details. - Improved example and documentation for config.json in templates. - No changes to core functionality or SKILL.md in this release.

v1.0.0

Initial release of linkedin-monitor. - Monitors LinkedIn inbox hourly, ensuring no duplicate notifications. - Supports 4 progressive autonomy levels: monitor-only, draft/approve, simple auto-reply, full autonomy. - Drafts replies in your personal communication style and alerts you to new conversations. - Includes health checks and alerts for authentication or operational issues. - Provides CLI commands for setup, manual checks, configuration, and reviewing activity/logs.

元数据

Slug linkedin-monitor

版本 1.1.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 2

常见问题