kol-discovery

SUSPICIOUS. The stated purpose is coherent, but the main execution path depends on a community Apify actor and forwards a token to third-party code rather than using an official LinkedIn data source. No clear install/dependency trust story is provided for the local script. This looks like a plausible outreach skill with medium-to-high security risk, not confirmed malware.