Linear CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a clear Linear CLI helper, but it can perform real Linear changes and deletions when the user runs those commands.

Install only if you trust the upstream linear CLI and want Codex to help operate your Linear workspace. Review commands that delete issues, teams, milestones, or documents, especially bulk, force, permanent, or confirmation-skipping modes, and treat any printed Linear API token as a secret.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill documents issue deletion, including bulk deletion from arguments, files, or stdin, without any explicit warning that the action is destructive and potentially irreversible. In automation contexts, users or downstream agents may invoke these paths without appreciating the blast radius, increasing the chance of accidental loss of project-tracking data.

VirusTotal

63/63 vendors flagged this skill as clean.
