Linear Webhook
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill largely matches a Linear-to-agent webhook, but it under-discloses credential use, adds an unexpected agent route, and tells agents to run local commands that can post back to Linear.
Install only if you are comfortable exposing a token-protected webhook that can trigger agents from Linear comments. Before use, remove or document the @forge route, replace the mandatory node/shell post-back command with a safer approved workflow, use a least-privilege Linear token, and avoid implicit reads from ~/.linear_api_key or other local token stores.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use an existing local Linear credential to post comments, potentially as a personal account rather than a clearly scoped integration.
The code reads local OAuth/API key files and uses the resulting API key to authorize Linear API writes, even though the metadata declares no credential requirement.
const tokensPath = process.env.HOME + '/.config/clawdbot/linear-agent-tokens.json'; ... personalKey = fs.readFileSync(process.env.HOME + '/.linear_api_key', 'utf8').trim(); ... headers: { 'Authorization': apiKey }
Declare the required Linear credential, require an explicit configured token, avoid implicit reads from HOME credential files, and use the least-privileged Linear token possible.
A Linear comment can lead an agent to execute a local command and publish output back into Linear without a clear human review step.
The transform injects a directive for the downstream agent to run a local command that reads a credential and mutates Linear by posting a comment.
**⚠️ MANDATORY: After responding, run this command to post back to Linear:** ... LINEAR_API_KEY=$(cat ~/.linear_api_key) node -e
Replace the mandatory shell command with a controlled response handler, add explicit approval for posting, and safely serialize agent responses instead of embedding them in ad hoc commands.
If this helper is run with an attacker-controlled or malformed session key, it could execute unintended local shell commands.
The helper interpolates a sessionKey argument into a shell command; the accepted session-key pattern leaves the issue-id portion broad enough to be unsafe if untrusted input reaches it.
const { stdout } = await execAsync(`clawdbot sessions history ${sessionKey} --json`);
Use execFile or spawn with an argument array, strictly validate session keys, and avoid shell interpolation for any value derived from webhooks or agent/session metadata.
Linear users could trigger an unexpected agent session if @forge exists in the environment.
The public description and docs emphasize @mason and @eureka, while the code also routes @forge, making the effective agent surface broader than disclosed.
const AGENT_MENTIONS = { '@mason': 'mason', '@eureka': 'eureka', '@forge': 'forge' };
Remove undocumented agent mappings or document them clearly, and make the allowed mention-to-agent map an explicit administrator-controlled allowlist.
Linear issue content and commenter information will be sent into the configured agent/model workflow.
Forwarding Linear issue and comment context to agents is central to the skill, but that data can include private project details or personal information.
The agent receives:
- Issue title
- Issue description
- Issue labels
- Comment text (the @mention)
- Issue URL
- Commenter name
Limit the webhook to appropriate Linear workspaces/events, avoid using it on highly sensitive issues unless approved, and verify where agent/model data is processed.
Users have less assurance about where the code came from and must rely on the reviewed artifact contents.
The artifact has no declared upstream source or homepage, which makes provenance harder to verify, although no remote install or dependency download is shown.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included files before use and prefer a version with a known source repository, documented release process, and corrected credential declarations.
