Linear Webhook
Analysis
The skill’s Linear-to-agent purpose is coherent, but it should be reviewed because Linear comments can trigger agents and agent-side posting commands that use local Linear credentials with limited scoping.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
`mappings: [ { name: "linear", match: { path: "/linear", method: "POST" }, action: "agent", transform: { module: "./linear-transform.js", export: "transformLinearWebhook" } } ]`
The webhook is configured to turn Linear comment-created POSTs directly into agent actions. The artifacts do not show commenter allowlists, team/label scoping, or a human approval step before dispatching implementation/planning work.
`**Issue Description:**`, `${issue.description || 'No description provided.'}`, `**Comment/Task:**`, `${comment.body}`
Raw Linear issue descriptions and comment bodies are inserted into the agent's task prompt without boundaries that mark them as untrusted external content.
`**⚠️ MANDATORY: After responding, run this command to post back to Linear:**`, ... `LINEAR_API_KEY=$(cat ~/.linear_api_key) node -e "const {postLinearComment} = require('/home/sven/clawd-mason/skills/linear-webhook/linear-transform.js'); postLinearComment('${issue.id}', \`YOUR_RESPONSE_HERE\`, ...);"`
The generated agent task instructs the agent to run a raw shell/Node command that reads a local API key and writes to Linear, rather than using a bounded tool or explicit user approval.
`const AGENT_MENTIONS = { '@mason': 'mason', '@eureka': 'eureka', '@forge': 'forge', };`
The SKILL.md and README describe routing @mason or @eureka, but the code also routes @forge, which broadens agent dispatch beyond the documented behavior.
`linear-api.js` - Linear GraphQL API client (for posting comments)
SKILL.md references a file that is not present in the supplied manifest, while the actual posting code is in linear-transform.js. This is an artifact coherence/provenance gap rather than evidence of malicious behavior.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
`const tokensPath = process.env.HOME + '/.config/clawdbot/linear-agent-tokens.json';` ... `personalKey = fs.readFileSync(process.env.HOME + '/.linear_api_key', 'utf8').trim();` ... `'Authorization': apiKey,`
The code reads persistent local Linear/OAuth token files and uses the resulting API key in an Authorization header, while the registry metadata lists no required credential or env var.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Use Cloudflare Tunnel or Tailscale Funnel to make webhook publicly accessible ... Add custom header: `x-clawdbot-token: your-secret-token-here` ... Verify webhook source (Linear's IP ranges if needed)
The public webhook flow is central to the skill and uses a bearer-style hook token, but source verification is presented as optional.
