Networking MCP

Local-first MCP research runtime for experimenting with AI-assisted browsing of a user-owned professional-network account.

This is an educational research project. It is not an official client, not an API, not affiliated with LinkedIn, and not endorsed by LinkedIn.

Read This First

Using this project against LinkedIn likely violates LinkedIn's User Agreement and related policies. LinkedIn's current User Agreement prohibits, among other things, software, scripts, robots, crawlers, browser plugins, or other processes used to scrape or copy the service, including profiles and other data; bypassing access controls or use limits; copying or distributing service content without consent; and bots or unauthorized automated access. LinkedIn's brand guidelines also restrict use of its name and brand in ways that could imply source, sponsorship, or affiliation.

Do not use this project on an account you cannot risk losing. Accounts may be restricted, challenged, suspended, or terminated. This repository is published for research and education, not as a product or service. You are responsible for understanding and complying with any terms, laws, and policies that apply to your use.

Relevant official links:

• LinkedIn User Agreement: https://www.linkedin.com/legal/user-agreement

• LinkedIn Brand Guidelines: https://brand.linkedin.com/policies

This README is not legal advice. Get legal advice before distributing binaries, charging money, collecting data, or promoting this publicly.

Related MCP server: LinkedIn MCP Server

What It Does

• Runs locally as an Electron tray daemon.

• Opens a real headed browser profile owned by the user.

• Exposes read tools, plus one gated write tool (send a message), through Model Context Protocol.

• Connects to desktop MCP clients through a local stdio bridge.

• Stores cache and logs locally in SQLite.

• Avoids exported cookies, hosted scraping infrastructure, and cloud storage.

What It Does Not Do

• It does not provide an official API.

• It does not bypass login, checkpoints, or access controls.

• It does not store passwords.

• It does not ship a public installer yet.

• It does not send messages to anyone other than a 1st-degree connection, and not without the user confirming the recipient first.

• It does not make automation safe or permitted by a third-party platform.

Current Tool Surface

The source build currently includes MCP tools for:

• profile reads;

• company reads;

• people search;

• company search;

• mutual-connection lookup;

• feed reads;

• conversation listing;

• conversation reading;

• sending a message (the only write action).

Opening a conversation can mark it as read on the target site, the same as if the user opened it manually.

Sending a message is gated. It only targets a 1st-degree connection, drives the real UI the way a human would, and confirms the recipient with the user before sending — through the client's confirmation dialog where supported (e.g. Claude Code), or a two-step approval in chat on clients without one (e.g. Claude Desktop). The single exception is an exact, unambiguous 1st-degree name match, which is sent directly.

Local Development

Requirements:

• Node.js 22.5 or newer (the local cache uses the built-in node:sqlite module).

• pnpm 10 or newer.

• Google Chrome installed locally (the session drives a real headed Chrome).

Install and verify:

pnpm install
pnpm test
pnpm typecheck
pnpm build

Run the desktop app from source:

pnpm dev

The tray app can open the browser session and write a Claude Desktop MCP config entry. Restart Claude Desktop after connecting it.

If you previously used an old config key, remove that stale MCP server entry from your client config. New installs use the networking key.

Packaging

The current pnpm build command builds the Electron output and the stdio bridge into out/. That is a development build, not a signed installer.

For release packaging, see docs/PACKAGING.md. Do not publish installers until you have handled:

• local MCP bearer-token authentication;

• code signing and notarization;

• a first-run risk acknowledgement;

• removal of real captured data and private research notes;

• a legal review.

Public-Repo Hygiene

Before publishing:

• Run git status --short and review every tracked file.

• Keep fixtures/profiles/ and fixtures/search/ untracked.

• Do not commit real profile HTML, search result HTML, message payloads, cookies, local databases, screenshots, or logs containing personal data.

• Avoid third-party trademarks in the project name, package name, app title, screenshots, and marketing copy.

• Keep examples synthetic.

License

MIT. See LICENSE.