Linear Webhook

This skill generally does what it says (route @mentions to agents), but there are a few red flags you should act on before installing: - Manifest mismatch: The registry lists no required credentials, but SKILL.md and the code require a webhook token and a Linear API key (and may read agent OAuth tokens). Treat this as a sign the package metadata is incomplete or careless. - Local secret files & hard-coded paths: The code reads ~/.linear_api_key and ~/.config/clawdbot/linear-agent-tokens.json and references /home/sven/… paths. Before use, remove or fix hard-coded paths and prefer environment variables over reading plain files. If you keep a file-based key, ensure its filesystem permissions are strict (600) and it is stored in a secure location. - Shell execution: post-response.js executes the Clawdbot CLI and the code shows examples that run node -e with require() to call postLinearComment. Review those commands and avoid running arbitrary node -e snippets from untrusted sources. - Least privilege: Provide the Linear API token with the minimal scopes needed (write only where necessary) and consider using a dedicated Linear bot account instead of a personal API key. Rotate tokens and revoke them if you stop using the skill. - Network exposure: The instructions recommend Cloudflare Tunnel / Tailscale Funnel. If you expose a webhook, ensure the webhook endpoint requires the CLAWDBOT_HOOK_TOKEN header and restrict incoming sources if possible. - Code review: Because the skill was published from an unknown source, review the included JS scripts for any additional hidden network endpoints or data exfiltration paths (the current files do not point to suspicious external endpoints, but they do read and use local secrets). If you cannot review the code, run it in an isolated environment/container and limit its network and filesystem access. - Suggested changes before production use: - Update the skill metadata to declare required env vars (CLAWDBOT_HOOK_TOKEN, LINEAR_API_KEY) so the registry is honest about secrets needed. - Replace file-based secret reads with well-documented environment variable usage and explicit config paths. - Remove hard-coded absolute paths; make module import paths relative or configurable. - Add comment/response posting to use a dedicated app-level token and confirm how attribution is handled. If you accept those mitigations (or can run the skill in a sandboxed environment), the skill appears usable. Without those changes, treat it cautiously and avoid placing production secrets where the code expects them.