ClawHub

Maverick Linear MCPorter

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Linear connector that stores Linear OAuth credentials locally and lets the agent read or change Linear data when the user asks.

Install only if you want this agent to access your Linear workspace through your OAuth grant. Review write, create, and delete requests carefully because they can modify team-visible Linear data, and revoke the Linear grant when you no longer need the integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
The output includes Linear's `Instructions:` field (read it — it specifies, for example, how to format markdown content) and a JSON Schema for every tool's parameters. Treat this as the authoritative reference for the rest of the session.

**Step 2 — Call any tool from the catalog** using the form `<server>.<tool>` where `<server>` is `maverick-linear` (the local registration key, not Linear's announced name):

```sh
mcporter --config {baseDir}/mcporter.json call maverick-linear.<tool> <arg>=<value> ...
Confidence
90% confidence
Finding
Call any tool

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal