Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Linear Issues
v1.0.0
Interact with Linear for issue tracking. Use when creating, updating, listing, or searching issues. Supports viewing assigned issues, changing status, adding comments, and managing tasks.
⭐ 0 · 2.5k · 1 current · 1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
Name and description align with the code: the script talks exclusively to api.linear.app and implements listing, creating, updating, commenting, and lookups of teams, workflow states, and users. However, the skill metadata declares no primary credential or required environment variables, even though both SKILL.md and scripts/linear.sh require a Linear API key (LINEAR_API_KEY or ~/.clawdbot/credentials/linear.json). The metadata also does not declare the CLI tools (curl, jq, column) that the script depends on.
Instruction Scope
SKILL.md and scripts/linear.sh stay within the stated purpose (access Linear via GraphQL). The script reads a credentials file at $HOME/.clawdbot/credentials/linear.json or the LINEAR_API_KEY env var, which is expected for an API integration. Concern: the script interpolates user-supplied strings directly into JSON/GraphQL payloads without robust escaping, so attacker-controlled or malformed input (quotes, backslashes, newlines) can produce malformed queries or injection-like behavior. The only external endpoint contacted is api.linear.app (no unexpected endpoints).
Install Mechanism
No install spec (instruction-only plus a shipped script). That is low risk from an install perspective because nothing arbitrary is downloaded during install. The repo includes package.json and package-lock.json, but the registry entry declares no install step, and the Node dependencies listed in package-lock.json are not used at runtime by the shell script.
Credentials
The skill legitimately needs a Linear API key to function; this is documented in SKILL.md and used by the script, so the requested secret is proportionate. But the registry metadata does not declare a primary credential or required env var. The script also expects runtime tools (curl, jq, column) that are not declared; without them, users may run the skill in an environment where it fails or produces unexpected output.
Persistence & Privilege
The always flag is false, and the skill does not request to persist or to modify other skills or system-wide configs. It only reads a credentials file in the user's home under ~/.clawdbot/credentials and environment variables, which is consistent with its purpose.
What to consider before installing
This skill appears to be a straightforward Linear CLI wrapper, but there are some gaps you should address before installing or running it:
- The skill requires a Linear API key (LINEAR_API_KEY or ~/.clawdbot/credentials/linear.json) even though the registry metadata doesn't declare it. Do not supply a high-privilege API key until you verify the author and intended usage. Prefer a token with minimal scopes.
- The shell script depends on command-line tools (curl, jq, column). Make sure those are available and from trusted packages on your system.
- The script builds GraphQL payloads by directly interpolating user input into JSON/GraphQL strings. That breaks on quotes and newlines and could be abused if untrusted input (for example, text copied from an issue or a message) is fed into the skill. Review and test it with safe inputs, and consider having the script escape or JSON-encode values (for example with jq) before they are placed in the payload.
- The package contains Node-related files (package.json / package-lock.json) but the runtime is a shell script; verify whether any Node code is intended to be executed and whether an install step is required.
If you want to proceed:
- 1) obtain a Linear API key with minimal permissions,
- 2) manually inspect scripts/linear.sh (or run it in a sandbox),
- 3) add the API key and CLI tool requirements to the skill metadata, or ask the author to update the package metadata to match runtime needs.
If you cannot validate the author or the repository origin, consider not installing it, or not running it against sensitive accounts.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97adzn61wewg1zb32fnz3nnd9800av3
