Linear CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Linear automation skill, but it gives an agent broad live access to mutate, delete, upload to, and make raw API calls against Linear with limited built-in scoping guidance.

Install only if you intentionally want an agent to operate with your Linear credentials. Verify the external `linear` CLI source/version, use the least-privileged workspace credentials available, avoid exposing `linear auth token`, review any file or context inputs before upload, and require explicit approval for raw API/curl, delete, archive, and bulk operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documentation explicitly instructs users to retrieve a bearer token with `linear auth token` and inject it into a raw `curl` Authorization header, but it does not warn that this credential is sensitive or discuss leakage risks through shell history, logs, process inspection, copied snippets, or downstream tooling. In a security-sensitive agent skill, normalizing direct token handling increases the chance of accidental credential exposure and unsafe reuse outside the safer CLI abstraction.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly advertises a command that prints the configured API token, but it provides no warning that the token may be exposed in shell history, terminal scrollback, CI logs, agent transcripts, or other captured output. In an agent-oriented CLI context, this is more dangerous than usual because tools often capture and forward stdout automatically, making credential disclosure easy and high-impact.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This documentation exposes state-changing commands such as `create`, `add`, and `remove` without clearly warning that they will modify live Linear data. In an agent-executed context, missing mutation warnings increase the chance that an LLM or user will invoke these commands as if they were read-only discovery actions, causing unintended workflow changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation exposes attachment functionality that uploads a local file to Linear but does not warn users that specifying a path will transfer local file contents to an external service. In an agent-driven context, this increases the chance of unintended exfiltration of sensitive workspace files because an automated system may treat any reachable file path as safe input.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The create/update documentation promotes ingestion of external context files and triage/application behavior without clearly warning that source data from those files may be copied into Linear fields or comments. In an agent-safe automation setting, this can lead to accidental disclosure of sensitive material from Slack threads, local JSON envelopes, or other source-adjacent artifacts into a third-party SaaS system.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation includes bulk issue deletion commands and other destructive operations without any cautionary note, confirmation guidance, or emphasis on reversibility limits. In an agent-oriented CLI context, examples are often copied directly into automation, so presenting destructive bulk deletes as routine commands increases the risk of accidental mass data loss.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The label deletion example documents a destructive action without warning about its impact, which may cause users or agents to remove labels unintentionally. While narrower in scope than bulk issue deletion, it can still disrupt workflows, reporting, and automation that depend on labels.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The documentation exposes a destructive deletion command with `--yes`/`--force` confirmation bypass and does not prominently warn about irreversible effects or the possibility of moving or deleting team-associated state. In an agent skill context, concise CLI docs are often consumed programmatically, so missing safety warnings increase the chance of accidental destructive actions against a live Linear workspace.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
  -w, --workspace    <slug>     - Target workspace (uses credentials)
  --profile          <profile>  - Execution profile override (agent-safe default, human-debug opt-in)
  -i, --interactive             - Enable interactive confirmation
  -y, --yes                     - Skip confirmation prompt
  --force                       - Deprecated alias for --yes
  --bulk             <ids...>   - Archive multiple initiatives by ID, slug, or name
  --bulk-file        <file>     - Read initiative IDs from a file (one per line)
Confidence
90% confidence
Finding
Skip confirmation

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
  -w, --workspace    <slug>     - Target workspace (uses credentials)
  --profile          <profile>  - Execution profile override (agent-safe default, human-debug opt-in)
  -i, --interactive             - Enable interactive confirmation
  -y, --yes                     - Skip confirmation prompt
  --force                       - Deprecated alias for --yes
  --bulk             <ids...>   - Delete multiple initiatives by ID, slug, or name
  --bulk-file        <file>     - Read initiative IDs from a file (one per line)
Confidence
96% confidence
Finding
Skip confirmation

VirusTotal

67/67 vendors flagged this skill as clean.
