Stop Trusting Random Scripts 🛑

We've all been there. You want your AI agent to do something cool—like post to LinkedIn or check your emails—so you search the public registry (ClawHub, etc.) and install the first skill you find.

Big mistake.

Public AI skills are just code running on your machine. If you install a malicious one, you're handing over the keys to your kingdom. We've seen reports of "hacker scripts" deleting data or stealing API keys.

The solution? Build it yourself.

It sounds scary, but it's not. If you can ask an AI to write code, you can build a custom, secure skill in 5 minutes.

In this guide, I'll show you exactly how to build a LinkedIn Auto-Poster Skill for OpenClaw from scratch. We'll move from a manual "recipe" to a fully automated Python tool that saves you time and money.

The "Recipe" vs. The "Tool" 🍳 vs 🤖

Most people start with a Recipe.
In this method, your SKILL.md file is a cookbook. It contains raw code (like complex curl commands) that the AI has to copy, paste, and fill in every single time.

• The Problem: It's fragile. If the AI misses a quote or a bracket while copying, it breaks. Plus, doing complex things (like uploading video) takes 4 separate manual steps.

The better way is a Tool.
In this method, you still have a SKILL.md file, but it changes. It stops being a cookbook and becomes a simple Instruction Manual.

• The Logic moves into a robust script (like linkedin.py).
• The Instruction in SKILL.md becomes simple: "To post, just run python linkedin.py 'Hello World'".

Now, the AI doesn't have to "cook" the code; it just pushes a button. It's faster, cheaper (fewer tokens used), and 100% reliable.

Step 1: The Setup (LinkedIn Side) 💼

To post for you, your AI needs permission.

1. Go to LinkedIn Developers.
2. Create an App. Call it "My Personal Bot."
   • Tip: If it asks for a "Company Page," just create a dummy one on LinkedIn. It takes 10 seconds.
3. Get your Keys. Look for the "Auth" tab. You want the Client ID and Client Secret.

⚠️ The 60-Day Gotcha:
LinkedIn tokens expire every 60 days. You will need to refresh this token manually every two months. It's a security feature, not a bug.

Step 2: The Script (The Magic Sauce) 🪄

We used to use complex curl commands. We switched to Python because it handles the errors for us.

The Old Way (The "Curl" Mess)

To upload a video manually, your AI had to run 4 separate commands:

1. POST /assets?action=registerUpload (Get a URL)
2. PUT <uploadUrl> (Send bytes - hope it works!)
3. POST /ugcPosts (Publish - hope the ID matches!)
4. Handle errors manually if any step fails.

The New Way (Python)

We wrap all that complexity in a single function. Here is the actual logic inside linkedin.py:

def create_post(token, text, video_path=None):
    # 1. Handle Video (if exists)
    asset_urn = None
    if video_path:
        print(f"Uploading video: {video_path}...")
        # The script handles the registration & byte upload automatically
        upload_url, asset_urn = register_upload(token, "video")
        upload_file(upload_url, video_path)

    # 2. Publish
    payload = {
        "author": person_urn,
        "specificContent": {
            "com.linkedin.ugc.ShareContent": {
                "shareCommentary": {"text": text},
                "media": [{"media": asset_urn}] if asset_urn else []
            }
        },
        "visibility": {"com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC"}
    }
    requests.post(API_URL, json=payload)

Now, your OpenClaw agent just runs one command:

python3 skills/linkedin/linkedin.py "Check out my demo" --video demo.mp4

Zero friction. Zero hallucinations.

Final Thoughts

Building your own skills is the only way to be a "True AI Native." You control the code, you control the data, and you sleep better at night knowing no random hacker script is running on your laptop.

Stay safe, build cool stuff.

Collaboratively built with **Coke* 🥤 (OpenClaw Assistant)*