Linear Agent
v1.0.2
Full Linear project management via native GraphQL API. Superior to shell-script alternatives — auto-resolves identifiers (ENG-42), moves issues by state name...
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md implement a Linear GraphQL client and operations that clearly require a Linear API key — this matches the stated purpose. However, the top-level registry metadata in the prompt claims "Required env vars: none" and "Primary credential: none", which conflicts with skill.json and SKILL.md (both require LINEAR_API_KEY). That inconsistency in published metadata is unexpected and should be resolved.
Instruction Scope
SKILL.md and the code confine runtime behavior to the Linear GraphQL API and local parsing (e.g., git commit parsing). The instructions explicitly require LINEAR_API_KEY and describe CLI / stdin usage. The runtime code only reads OPENCLAW and LINEAR_API_KEY from the environment; it does not instruct reading arbitrary local files or sending data to other endpoints. Behavior stays within the stated scope.
Install Mechanism
There is no install spec (no remote downloads); code is bundled in the skill and uses only built-in Node.js modules. This is a low install risk because nothing is fetched from arbitrary URLs during install. The package has zero runtime dependencies and uses Node built-ins (https/fetch).
Credentials
The code and skill.json require a single credential: LINEAR_API_KEY, which is appropriate for a Linear client. The concern is the mismatch with the registry-level metadata (which lists no required env) — that could cause the platform to not surface the secret prompt properly. Also note that the provided API key will be sent as an Authorization header to api.linear.app, and that key permits operations (create/update/move issues, post comments) — the user should only supply a key with the least privileges necessary.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable only. It does not request elevated platform privileges or modify other skills' configs. Autonomous invocation is allowed by default (disable-model-invocation is false), but that is normal for the platform and not by itself concerning here.
What to consider before installing
This skill appears to do what it says (talk to Linear's GraphQL API) and the source includes readable code you can inspect. However:
(1) The registry metadata shown to you contradicts the packaged manifest and README — it says no env vars, while skill.json and SKILL.md require LINEAR_API_KEY. That inconsistency is a red flag for sloppy publishing or metadata tampering; confirm the platform will prompt for the secret and that the manifest used at install time matches the shipped skill.json.
(2) The skill will transmit the LINEAR_API_KEY in an Authorization header to api.linear.app — treat that key as powerful (it can create/move/close issues). Prefer creating a limited-scope or service account key, and rotate/revoke it if you stop using the skill.
(3) Verify the missing/omitted files (4 files were truncated in the listing) and confirm there are no network calls to unexpected hosts beyond api.linear.app.
(4) Because the package author/source are unclear (no homepage, unknown owner id), only install after reviewing the full source or obtaining the package from a trusted publisher. If you cannot review the code, run the tool in an isolated environment and avoid providing a high-privilege API key.
Like a lobster shell, security has layers — review code before you run it.
latest
linear-agent
Full Linear project management via GraphQL API.
What I do
- Create, update, and search issues
- Move issues through workflow states by name
- Manage cycles and sprints
- Summarize team backlogs in plain English
- Sync git commit messages to issue states (e.g. "fixes ENG-42")
- Create and manage projects
- Post comments on issues
Setup
Requires the LINEAR_API_KEY environment variable. Set your Linear API key:
LINEAR_API_KEY=lin_api_yourkey
Get your key at: Linear → Settings → Security & Access → API Keys
Usage
Works as both an OpenClaw skill and standalone CLI:
node index.js list-teams
node index.js create-issue --title "My issue" --teamId ENG
node index.js backlog-summary --teamId ENG
