That is the first thing almost every Zevari customer says out loud. So we answer it the way it deserves to be answered - with the actual mechanics, not adjectives. Here is exactly how Zevari runs on your LinkedIn account, what it will and will not do, and the real numbers behind every limit.
Most LinkedIn tools say "safe" and stop there. Nobody publishes the actual mechanism, because for most of them the mechanism is a browser cookie and a prayer. We do the opposite. The way Anthropic publishes its safety research, we publish our safety model - because if you are handing software the keys to the account your pipeline runs on, you are owed the receipts.
If you only read one line: every action that writes to LinkedIn - every message, connection request, comment, and post - is staged for a human to approve before it sends. Nothing touches your account that you did not see first.
The one-line version of what Zevari is
Run LinkedIn outbound as code - and if you don't run Claude Code or Codex, we run it for you.
Reach Zevari over MCP (Claude Code, Codex, any MCP client) or our REST API from your own code. Either way, the safety model below is identical. It is built into the platform, not bolted onto a plan.
The receipts
Each one is a thing the software does, not a promise it makes.
Messages, connection requests, comments, and posts never fire on their own. Your agent drafts and queues the action; you approve it from a review surface - inside Claude, or from a Slack and email digest if we run it for you. This is not a setting you can leave off. It is how the execution layer is wired.
This is the single biggest reason accounts get banned. Most Claude-to-LinkedIn bridges and Chrome-extension tools ride a browser cookie, and LinkedIn flags the unfamiliar automation fingerprint on your session. Zevari connects through a managed session, never a scraped cookie injected into a headless browser.
Zevari holds you under LinkedIn's real tolerance bands automatically: 40 per week on Free, 80 on Premium, 150 on Sales Navigator. These are platform-enforced ceilings, not a slider we trust you to set sensibly. You do not need Sales Navigator to run Zevari.
Real people do not fire 80 connection requests in a 90-second window at 3am, so Zevari does not either. Actions run inside configurable working hours, spaced with behavioral pacing, and capped against bursts. The pattern of activity is what LinkedIn's detection actually watches.
Zevari will not message the same person twice by accident, will not re-request a connection you already sent, will not double-comment. Every queued action is checked against what has already happened on the account. Sloppy duplicate behavior is both a credibility killer and a ban signal.
Cold-blasting strangers is the fastest way to look like a bot. Zevari can view profiles, react, and leave genuine comments before the ask, and it runs warm-up sequencing so a brand-new account ramps instead of sprinting. This is hosted state Claude Code or Codex cannot hold on its own.
These are platform-enforced ceilings, not a slider we trust you to set sensibly. You do not need Sales Navigator to run Zevari - the limits are just lower on a free account.
What we don't do
Every one of these is a common shortcut in this category, and every one is a documented way to lose your account. The reason Zevari is slower and more deliberate than a cookie-scraper is the entire point.
The founder's receipt
Zevari was built by an operator who runs his own LinkedIn outbound on it, every day. Not a demo account - the real account his business depends on. He spent a year refining this safety model: the pacing, the ceilings, the burst caps, the approval gates. Across that year of real daily use and a growing base of customers running their own accounts on it: zero ban incidents.
That is the number that matters. Not "trusted by thousands." Not "enterprise-grade." A year of real outbound, a model refined the hard way, and a clean record.
The contrast
The buyers who find Zevari almost always arrive after something went wrong somewhere else.
The Chrome extensions and "connect Claude to LinkedIn in 5 minutes" hacks that ride a browser cookie. They work until LinkedIn’s automation detection flags the session, then your account is restricted.
"My account kept getting banned with the virtual assistants - LinkedIn just sees logs." Inconsistent, unpaced, untraceable activity is a ban magnet.
The autonomous AI SDR category churns most teams inside a year, and at least one of the big names got its own outreach LinkedIn-banned. Autonomy with no approval gate is exactly the wrong posture for a platform that bans on behavioral pattern.
Zevari is the opposite design on every axis: human-approved instead of autonomous, session-based instead of cookie-based, paced and capped instead of burst-and-pray. The operator consensus in this market has landed on human-in-the-loop, and that is where Zevari started.
FAQ
No tool can put zero in writing, and anyone who does is lying to you. What we can put in writing is the mechanism: every write action is staged for your approval, the connection is session-based with no browser cookies, and weekly ceilings plus working hours, behavioral pacing, duplicate checks, and burst caps are enforced automatically. The model was refined over a year of the founder running his own account on it, with zero ban incidents to date. The shortcuts that get accounts banned - cookie injection, autonomous blasting, ignoring limits - are the exact things Zevari is built not to do.
Zevari holds you under LinkedIn's real tolerance bands by plan: 40 per week on a free account, 80 on Premium, and 150 on Sales Navigator. These are enforced ceilings, not suggestions you can override, and they are spaced across working hours with behavioral pacing rather than sent in a burst.
No. You can run Zevari on a free or Premium LinkedIn account. Sales Navigator only raises your weekly connection ceiling to 150 - it is not required to start, and several customers run the whole thing without it.
Yes - Zevari is warm by default. It can view profiles, react, and leave genuine comments before any ask, and it runs warm-up state so a newer account ramps gradually instead of sprinting into restrictions. The platform holds that state between sessions, so the warm-up actually persists.
Those tools inject a browser cookie into a headless session, which is the single most common reason LinkedIn flags and restricts an account. Zevari uses a managed, session-based connection and never stores your password to log in as you in a browser. Combined with approval gates and enforced pacing, that is the difference between activity that looks like you and activity that looks like a bot.
No. Every message, connection request, comment, and post is staged for you to approve first. You see it before it sends, from inside Claude or from a Slack and email digest if we operate the engine for you. Nothing touches your account that you did not sign off on.
The mechanics above are identical whether you operate Zevari yourself or we operate it for you. The only thing that changes is whose hands are on the keyboard.
You run Claude Code or Codex. Get the hosted LinkedIn MCP, all 60+ tools, and this full safety model, self-serve. Connect over MCP (Claude Code, Codex, any MCP client) or call our REST API from your own code.
Connect to Claude CodeYou don't run Claude Code or Codex, but you want the same approval-gated engine working your pipeline. We set it up, run it on our infrastructure, and send every message to you for approval from Slack.
We run it for youZevari - the LinkedIn execution layer for Claude. Your agent sleeps; your pipeline doesn't.