Linear

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: linear-api
Version: 1.0.5

The skill provides a Linear API integration via the Maton API gateway (api.maton.ai) for managed OAuth authentication. It includes standard GraphQL queries and mutations for managing issues, teams, and projects, along with Python and CLI examples for interaction. The documentation in SKILL.md explicitly includes safety instructions requiring user approval for write operations, and no indicators of malicious intent, data exfiltration, or prompt injection were found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved incorrectly, the agent could create, update, or delete Linear records such as issues, projects, labels, or comments.

Why it was flagged

The skill gives the agent write-capable Linear API workflows, including GraphQL operations. This is purpose-aligned and includes an approval instruction, but users should be aware that mistakes could affect workspace data.

Skill content

Access the Linear API with managed OAuth authentication. Query and manage issues, projects, teams, cycles, labels, and comments using GraphQL. ... All write operations require explicit user approval.

Recommendation

Confirm the exact Linear workspace, resource, and intended change before approving any create, update, or delete operation.

What this means

The skill can act through the connected Linear account within the permissions granted to the OAuth connection.

Why it was flagged

The integration relies on a Maton API key and a Linear OAuth token. That is expected for the stated Linear integration, but it grants account-level delegated authority.

Skill content

Requires network access and valid Maton API key. ... Maton proxies requests to `api.linear.app` and automatically injects your OAuth token.

Recommendation

Connect only the intended Linear account, use the least-privileged OAuth connection available, and revoke the connection when it is no longer needed.

What this means

Linear issue, project, team, and user data may be transmitted through Maton while using the skill.

Why it was flagged

Linear requests and responses are routed through Maton's gateway before reaching Linear. This is disclosed and purpose-aligned, but it means Linear data passes through an additional service boundary.

Skill content

https://api.maton.ai/linear/graphql ... Maton proxies requests to `api.linear.app` and automatically injects your OAuth token.

Recommendation

Use this only if you trust Maton to handle your Linear data and OAuth connection appropriately.

What this means

Installing the optional CLI adds external software to the local environment that was not reviewed in the provided skill artifacts.

Why it was flagged

The documentation suggests installing an external CLI globally. This appears purpose-aligned, but the CLI package itself is outside the provided artifact set.

Skill content

npm install -g @maton-ai/cli ... brew install maton-ai/cli/maton

Recommendation

Install the Maton CLI only from an official source you trust, and verify the package before using it with your API key.