RonanCodes/linkedin-voyager
skills/linkedin-voyager/SKILL.md
Read LinkedIn profile data (bio, headline, experience, education, skills, contacts) via the unofficial Voyager API. Uses your browser session cookies — NO password. Sibling to the official-API `linkedin` skill. Use when user wants to see or export their own (or a public) profile content not available in the official API.
development
Updated May 1, 2026
$ install --global
skillsauthnpx skillsauth add RonanCodes/ronan-skills linkedin-voyagerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 1, 2026, 2:27 AM189.1s2 files scanned
SKILL.md
- name:
- linkedin-voyager
- description:
- Read LinkedIn profile data (bio, headline, experience, education, skills, contacts) via the unofficial Voyager API. Uses your browser session cookies — NO password. Sibling to the official-API `linkedin` skill. Use when user wants to see or export their own (or a public) profile content not available in the official API.
- category:
- social
- argument-hint:
- <profile <slug> | contact <slug> | search <keywords> | connections>
- allowed-tools:
- Bash(uv *) Bash(python3 *) Read
- - pipeline:
- scan
- - platform:
- - role:
- scanner
LinkedIn Voyager (unofficial)
Read-side sibling to ro:linkedin. Hits LinkedIn's internal Voyager API (same API the linkedin.com web app uses) via the linkedin-api Python library (tomquirk). Gives access to profile sections the official OAuth API doesn't expose: About, Headline, Experience, Education, Skills, Certifications, Contact info, Connections, etc.
⚠️ Terms of service + ban risk
This skill uses an undocumented internal API and authenticates with your session cookies. Per LinkedIn's User Agreement §8.2, automated access that is not through their public API is prohibited. Aggressive or high-volume usage has resulted in account restrictions or bans. Use sparingly:
- Prefer
/ro:linkedin(official API) for anything it covers. - Keep request rate low. One profile fetch per minute is fine; a scripted crawl is not.
- The skill is model-invocable, but treat it as a deliberate operation — don't auto-fire it on tangential LinkedIn-related questions. Prefer
/ro:linkedin(official API) when possible.
Usage
/ro:linkedin-voyager profile ronanconnolly # your own profile (bio/headline/experience/skills)
/ro:linkedin-voyager profile satyanadella # any public profile slug
/ro:linkedin-voyager contact ronanconnolly # email/phone/twitter if the viewer can see them
/ro:linkedin-voyager search "staff engineer" # people search (limited)
/ro:linkedin-voyager connections # the viewer's own 1st-degree connections
Auth — session cookies, no password
On every run, scripts/voyager.py extracts li_at + JSESSIONID from the browser set by ROBROWSER in ~/.config/ro/defaults.env (or --browser <name>), using browser_cookie3. No password is ever prompted or stored. Cookies stay in memory.
If the library rejects the cookies (LinkedIn sometimes requires challenges), log into linkedin.com once in the browser and retry.
Output
Profile output (default — compact human-readable):
# <Full Name> — <Headline>
<location> · <industry>
linkedin.com/in/<slug>
## About
<bio text>
## Experience
- <Title> @ <Company> (<start> – <end or Present>) <location>
<description if any>
- ...
## Education
- <School> — <Degree> <Field> (<years>)
## Skills
skill1, skill2, skill3, ...
Add --json for raw Voyager JSON (huge — useful for wiki ingest or diffs).
Dispatch
| Arg | Function |
|-----|----------|
| profile <slug> | get_profile(public_id=slug) + pretty-printer |
| contact <slug> | get_profile_contact_info(public_id=slug) |
| search <terms> | search_people(keywords=terms, limit=10) |
| connections | get_profile_connections(<viewer>) |
Execution
uv run --with 'linkedin-api>=2.3' --with browser-cookie3 python3 \
/path/to/skills/linkedin-voyager/scripts/voyager.py <cmd> <args...>
uv provisions the deps on first run; subsequent runs are fast.
TODO / known limits of profile
- Current implementation uses dash endpoint
FullProfile-138which returns the top card only: name, headline, summary (About/bio), location, profile picture. - Experience, education, skills, certifications, languages live on separate dash sub-endpoints (e.g.
/identity/dash/profilePositions?viewee=<urn>&...). Not yet wired. Add as a second call chained after the top card if the caller wants the full profile. - Library's own
get_profile()hits/identity/profiles/<slug>/profileViewwhich returns 410 Gone as of 2026-Q1. Don't use it — this skill'scmd_profilecalls the dash endpoint directly.
Limits & failure modes
- Rate limit / challenge — LinkedIn may serve a CAPTCHA. Log into linkedin.com in the browser, solve it, retry.
- Fields missing — Voyager returns what the authenticated viewer can see. Private profiles return a stub.
- Library drift — LinkedIn rotates internal endpoints;
linkedin-apiis usually patched within weeks.uvauto-picks the latest compatible version per run. - Account flag — heavy usage = temp restriction. Don't loop this skill. If responses start returning
Set-Cookie: li_at=delete me+ infinite 302 loops to the same URL, LinkedIn has invalidated the session server-side. Log back into the browser and wait ~30 min before retrying. - Cookie quirk (fixed in scripts/voyager.py) — Chromium stores LinkedIn cookies with domain
.www.linkedin.comand quoted JSESSIONID values like"ajax:...". requests' cookiejar won't send.www.linkedin.com-scoped cookies to hostwww.linkedin.com, and the quoted JSESSIONID won't match thecsrf-tokenheader (which is set unquoted). Both caused 403 "CSRF check failed" untilget_cookies()rebuilt the jar with.linkedin.comdomain + stripped JSESSIONID quotes.
See also
/ro:linkedin— official OAuth API: posts + draft-mode profile edits. Start there./ro:linkedin-scan— light scraping of the public-facing HTML (even safer, less structured)./ro:browser-cookies— the underlying cookie path this skill uses.- Upstream: https://github.com/tomquirk/linkedin-api
Related Skills
RonanCodes/skills/worktree
development
VerifiedTrustedCommunity
--- name: worktree description: Coordinate multiple agents on one repo via a worktree-lock pool, so two agents never clobber each other's working tree. Acquire the first free slot (main, then beta/gamma… worktrees, created on demand), work there on your own branch, release when you've pushed. Use before modifying any repo that might be in use by another agent (factory, dataforce, etc.), or whenever you're told a repo is being worked on. Backed by `ro worktree`. category: development argument-hin
SKILL.mdUpdated May 25, 2026
RonanCodes/skills/ship
testing
VerifiedTrustedCommunity
--- name: ship description: Ship a feature branch the local-CI-first way — run the full local gate, push, open a PR, squash-merge, then deploy, without waiting on GitHub Actions. Use when a branch is ready for main and you want it merged and deployed now. Reads CI policy from `ro ci` (default skips remote CI because GitHub Actions billing keeps hitting limits). Sibling to /ro:gh-ship (waits on GitHub checks) and /ro:cf-ship (the deploy half). Triggers on "ship it", "ship this", "merge and deploy
SKILL.mdUpdated May 25, 2026
RonanCodes/skills/setup-logging
testing
VerifiedTrustedCommunity
--- name: setup-logging description: Set up (or audit) the observability stack in a TanStack Start + Cloudflare Workers app so it is "diagnosable by default" — structured logging (logtape) with a request context carrying trace_id + userId + tenant/orgId, a trace_id propagated FE→BE→logs→Sentry→PostHog, Cloudflare Workers observability enabled, and Sentry + PostHog wired. Two modes: `setup` (wire it into an app) and `audit` (check an existing app + report gaps). Use when scaffolding a new app, wh
SKILL.mdUpdated May 24, 2026
RonanCodes/env
development
VerifiedTrustedCommunity
Manage credentials INSIDE the active ~/.claude/.env file — read which token/account to use for a given app (Simplicity vs Dataforce vs Ronan-personal), add or update a secret WITHOUT it passing through the chat (an interactive Terminal window prompts for it), and track secrets that were exposed in a transcript so they get rotated. Sibling to /ro:context (which switches WHICH env file is active). Use when the user wants to add an API key/token/secret, asks "which credential do I use for X", needs the env organized/labelled, or a secret was pasted into the chat and should be rotated.
SKILL.mdUpdated May 24, 2026