Linearb
Analysis
This looks like a legitimate LinearB integration, but it asks the agent to install an unpinned CLI and use OAuth-backed organization-changing actions without clear approval or scope limits.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
The skill allows instructions returned from the connection flow to guide the agent. This is purpose-aligned for setup, but external instruction text can influence agent behavior if not treated as subordinate to the user's request.
`Use action names and parameters as needed.` Popular actions include `Create Users`, `Create Teams`, `Update User`, `Update Team`, `Bulk Create Services`, and `Delete User`.
The skill exposes high-impact LinearB actions that can create, update, bulk-create, or delete organizational records, but the instructions do not clearly require user confirmation, scoping, or reversibility checks before mutations.
`npm install -g @membranehq/cli@latest` and `npx @membranehq/cli connection get <id> --wait --json`
The skill depends on an unpinned npm package and npx execution. Using `@latest` and global installation creates a supply-chain and provenance risk because the exact code version is not fixed in the artifact.
Install the Membrane CLI so you can run `membrane` from the terminal: `npm install -g @membranehq/cli@latest`
The skill is instruction-only but still directs the user/agent to install and run a CLI. This is expected for this integration, but it means local command execution is part of normal use.
Popular actions include `Create Deployment`, `Bulk Create Services`, `Update Incident`, `Update Team`, and `Delete User`.
These actions can affect shared LinearB organizational records, teams, services, incidents, and deployment metrics. The artifacts do not describe containment steps to prevent one mistaken input from propagating across shared analytics or organization data.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
`Membrane handles authentication and credentials refresh automatically` and `The user completes authentication in the browser. The output contains the new connection id.`
The skill delegates OAuth/session authority through Membrane and relies on automatic credential refresh, but the artifacts do not define permission scopes or limits for organization-management actions.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
`This skill uses the Membrane CLI to interact with LinearB. Membrane handles authentication and credentials refresh automatically`.
The integration uses Membrane as an intermediary gateway for LinearB authentication and actions. This is disclosed and purpose-aligned, but users should understand that credentials and LinearB requests are mediated by that provider.