Linear CLI
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong issue, project, document, or team, the agent could make unwanted changes in Linear.
The skill documents broad Linear API access and destructive issue deletion with a confirmation-skipping flag. This is aligned with managing Linear, but it can change or delete workspace data.
linear api # Make a raw GraphQL API request ... # Delete an issue linear issue delete ABC-123 -y
Require explicit user confirmation before updates, deletes, bulk actions, force flags, or raw GraphQL mutations; prefer scoped CLI commands over raw API calls.
The CLI can act as the authenticated Linear user and may access or modify workspace data that account can reach.
The skill requires Linear API authentication. That credential use is expected for the integration, but it grants access according to the user's Linear permissions.
1. Create an API key at https://linear.app/settings/account/security 2. Authenticate: `linear auth login`
Use only trusted Linear credentials, avoid sharing printed tokens, and revoke the API key if it may have been exposed.
Installing the upstream CLI runs and trusts code outside the reviewed skill artifacts.
The skill is instruction-only and relies on an external CLI package; the Deno installation example grants broad permissions with `-A`.
- **Homebrew**: `brew install schpet/tap/linear` - **Deno**: `deno install -A --reload -f -g -n linear jsr:@schpet/linear-cli` - **Binaries**: https://github.com/schpet/linear-cli/releases/latest
Install from a trusted source, prefer pinned or verified releases where possible, and review the upstream CLI before using it with Linear credentials.