Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Linear Feedback Triage

v1.0.0

Triage user-feedback issues in Linear, especially FB team / 用户反馈 (user feedback) workflows. Use when asked to query Linear issues, list recent complaints, find duplicate fee...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability [flagged]
The skill claims to triage Linear issues, which legitimately requires access to Linear credentials/config. However the manifest declares no required env vars, primary credential, or config paths, while the SKILL.md directly references config/mcporter.json and an absolute workspace path. The declared requirements do not match what the instructions actually need.
Instruction Scope [flagged]
Runtime instructions tell the agent to exec commands from an absolute local path (/Users/claw/.openclaw/workspace) and to read/use config/mcporter.json. They also include mutation commands that write to Linear. The SKILL.md therefore instructs filesystem access and potential credential use that are not declared or constrained — this broad scope is a red flag.
Install Mechanism [flagged]
There is no install spec, but the instructions rely on running 'npx -y mcporter' at runtime. Using npx to fetch and run a package each invocation can execute arbitrary remote code and has no integrity/pinning in the skill. That risk should be acknowledged and mitigated (pin version, vet package source).
Credentials [flagged]
The skill declares no environment variables or primary credential, yet it depends on a local mcporter configuration file that almost certainly contains API tokens or endpoints for Linear. The required access to secrets/config is implicit and not declared, which is disproportionate and hides what the agent will need to access.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (defaults apply). Autonomous invocation is allowed by platform default; combined with the above missing declarations (local config access + remote npx execution) this increases blast radius. The skill does not request persistent installation, which is appropriate.
What to consider before installing
Do not install/run this skill without clarifying how it will access Linear credentials and where it will execute. Specific checks to request or perform before using:

1) Ask the skill author to declare required config paths or env vars (e.g., LINEAR_API_KEY or path to mcporter.json).
2) Inspect the referenced config/mcporter.json and confirm it does not expose sensitive tokens you don't want the agent to read.
3) Avoid running unpinned 'npx -y mcporter'. Ask for a pinned package version or a vetted binary and verify the package source.
4) Prefer running the skill in a sandboxed environment or with least-privilege credentials (read-only Linear scope) until you trust it.
5) If you cannot verify where the skill will run and what mcporter.json contains, consider this skill risky because it implicitly requires secret access not declared in the manifest.


latest vk974vfqvydv2rmkcmb5rjdntxh83356f

