Linear

Security checks across malware telemetry and agentic risk

Overview

This Linear connector can read and change Linear data, including deletes and raw GraphQL mutations, but those capabilities are disclosed, purpose-aligned, and paired with confirmation guidance.

Install only if you are comfortable letting an agent use your OOMOL-connected Linear account. Review exact payloads before approving writes, take extra care with delete/remove actions and raw GraphQL mutations, and connect only the Linear scopes you are willing for the agent to use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: This action explicitly enables direct write operations against the Linear GraphQL API but provides no warning that mutations can create, modify, or delete production data. Because the skill description says to use this skill for any Linear request and exposes a generic mutation primitive, an agent or user could perform destructive or unintended writes without adequate caution or confirmation.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal