🤝 shake

LinkedIn CLI — like bird for Twitter, but for LinkedIn. Cookie-based auth, no OAuth dance needed.

Install

npm install -g @thegreysky/shake

Or clone and link locally:

git clone https://github.com/thegreysky/shake.git
cd shake && npm install && npm run build && npm link

Authentication

Grab your cookies from LinkedIn in your browser (DevTools → Application → Cookies → linkedin.com):

shake auth --li-at <token> --jsessionid <token>
shake auth status    # Check if authenticated
shake auth logout    # Remove stored tokens

Tokens are stored in ~/.shake/config.json.

Note: No API call is made during auth — tokens are only validated when you run a command. This avoids burning sessions on setup.

Commands

Command	Description	Status
shake me	Your own profile (name, headline, member ID)	✅
shake profile <handle>	View any LinkedIn profile	✅
shake connections	List your connections (paginated)	✅
shake feed	Home feed with engagement stats	✅
shake notifications	Your notification inbox	✅
shake news	LinkedIn trending news/storylines	✅
shake posts <handle>	User's recent posts	🔧 Needs endpoint
shake post "text"	Create a new post	🔧 Needs testing
shake analytics	Creator content analytics (impressions, engagements)	✅
shake analytics <activityUrn>	Per-post analytics	✅
shake messages	List recent conversations	✅
shake messages <id>	View messages in a conversation	✅
shake search "query"	Search people & content	🔧 QueryIds rotate

All commands support --json for machine-readable output.

Examples

# Quick profile lookup
shake profile james-armstead

# Browse your feed
shake feed --count 10

# Check notifications
shake notifications --count 5

# Pipe to jq
shake me --json | jq '.data.firstName'

# Paginate connections
shake connections --count 50 --start 0
shake connections --count 50 --start 50

How It Works

Shake uses LinkedIn's internal Voyager API — the same API the LinkedIn web app uses. Authentication is cookie-based (same as your browser session).

Why curl? LinkedIn/Cloudflare fingerprints TLS clients. Node's fetch/undici gets blocked with 302 redirects. curl passes through cleanly because its TLS fingerprint matches expected browser behavior.

Key technical details:

• Uses curl via execFile (not Node HTTP clients)
• Cookies passed via -b flag (not -H "cookie:" — LinkedIn rejects the header format)
• Includes sec-fetch-* headers and x-li-track to match browser requests
• GraphQL queryIds extracted from LinkedIn's web client (see ENDPOINTS.md)

⚠️ Limitations

• Session management: Failed API calls can trigger LinkedIn's security and invalidate your session. Be conservative with request frequency.
• QueryId stability: LinkedIn's GraphQL queryIds can change when they deploy updates. If a command stops working, you may need to extract fresh queryIds from a HAR capture.
• No official API: This uses internal APIs that can change without notice. Use at your own risk.
• Rate limiting: LinkedIn will rate-limit aggressive usage. Keep it reasonable.

For OpenClaw Agents

See SKILL.md for integration instructions.

Stack

• TypeScript / Node.js (>=18)
• LinkedIn Voyager API (internal, cookie auth)
• curl for HTTP (Cloudflare TLS bypass)
• Commander.js for CLI

License

MIT — see LICENSE