ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawbounty 2 Linear

v1.0.0

Manage Linear issues, projects, and cycles via GraphQL. Use when triaging backlogs, creating tasks from conversation, checking sprint progress, or running te...

0· 103·0 current·0 all-time
by@achilles2200ai-sys

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for achilles2200ai-sys/clawbounty-2-linear.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Clawbounty 2 Linear" (achilles2200ai-sys/clawbounty-2-linear) from ClawHub.
Skill page: https://clawhub.ai/achilles2200ai-sys/clawbounty-2-linear
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: LINEAR_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawbounty-2-linear

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawbounty-2-linear
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and runtime instructions all align with managing Linear via its GraphQL API. The single required env var (LINEAR_API_KEY) is appropriate for the stated functionality (create/list/update issues, comments, cycles).
!
Instruction Scope
SKILL.md instructs the agent to run curl commands against https://api.linear.app using the LINEAR_API_KEY, which is expected. However, effector.toml declares subprocess = false and earlier registry metadata listed no required binaries while runtime.openclaw.requires lists curl and jq. Those are contradictory: the skill’s runtime clearly requires invoking curl/jq (subprocess behavior). This mismatch is a coherence issue that could reflect sloppy packaging or a mistaken security manifest.
Install Mechanism
This is an instruction-only skill with no install spec or downloads, which is low-risk. The skill expects existing curl and jq on PATH per effector.toml and examples. No external archives or URLs are fetched/installed by the skill itself.
Credentials
Only LINEAR_API_KEY is requested. The README/SKILL.md explains that a personal API key with read+write scope is needed; that is proportional to the claimed capabilities. No other unrelated credentials or file paths are requested.
Persistence & Privilege
always is false and the skill doesn't request persistent or cross-skill configuration changes. Autonomous invocation (disable-model-invocation=false) is the platform default and not itself flagged. No filesystem writes or other elevated privileges are declared.
What to consider before installing
This skill looks like a straightforward Linear GraphQL helper that needs a LINEAR_API_KEY. Before installing: 1) Note the manifest inconsistencies — SKILL.md uses curl/jq (shell commands) but effector.toml says subprocess=false and the top-level metadata omitted required binaries. Confirm with the publisher or review how your OpenClaw runtime executes SKILL.md (does it execute shell commands or translate GraphQL calls internally?). 2) Use the least-privilege API key possible (consider creating a key limited to the workspace/team and rotate/revoke after testing). 3) Test initially with read-only or scoped credentials if possible, and run simple read-only queries to confirm network endpoints are only api.linear.app. 4) Verify no unexpected external endpoints appear in the truncated Notes or other files (the SKILL.md was truncated near webhooks). 5) If you need stronger assurance, ask the publisher to resolve the effector.toml vs SKILL.md subprocess/binaries mismatch or provide a reference runtime integration that demonstrates how shell commands are executed.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔷 Clawdis
EnvLINEAR_API_KEY
latestvk972ftb709cx7pxdn4bxp99qxs85778j
103downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@achilles2200ai-sys
latest
Download

Purpose

Control Linear from OpenClaw. Create issues, triage backlogs, update priorities, and run sprint reviews — all from your AI assistant, without switching tabs.

Works via Linear's GraphQL API using curl. No CLI or SDK required.

When to Use

  • Checking sprint progress mid-cycle
  • Creating issues from meeting notes or conversation
  • Triaging and reprioritizing a backlog
  • Looking up an issue's status before a standup
  • Bulk-updating labels, assignees, or priorities
  • Generating a status report across projects or teams

When NOT to Use

  • Complex Figma/design reviews (use browser tooling)
  • GitHub PR integration (use the github skill instead)
  • Syncing Linear with Jira or other trackers (script with Linear's API directly)

Setup

  1. Open Linear → Settings → API → Personal API keys
  2. Create a key (read + write scope)
  3. Add to your OpenClaw config:
LINEAR_API_KEY=lin_api_xxxxxxxxxxxxxxxx

Verify the key works:

curl -s -X POST https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query": "{ viewer { name } }"}' | jq .

You should see your name returned.

Commands

List your open issues

curl -s -X POST https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "{ viewer { assignedIssues(filter: { state: { type: { nin: [\"completed\", \"cancelled\"] } } }) { nodes { id title priority state { name } team { name } } } } }"
  }' | jq '.data.viewer.assignedIssues.nodes'

Get issues for a team

TEAM_KEY="ENG"  # your team's key

curl -s -X POST https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
    \"query\": \"{ team(key: \\\"$TEAM_KEY\\\") { issues(filter: { state: { type: { eq: \\\"started\\\" } } }) { nodes { id identifier title assignee { name } priority } } } }\"
  }" | jq '.data.team.issues.nodes'

Create an issue

curl -s -X POST https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation IssueCreate($input: IssueCreateInput!) { issueCreate(input: $input) { success issue { id identifier title } } }",
    "variables": {
      "input": {
        "teamId": "TEAM_ID_HERE",
        "title": "Issue title from OpenClaw",
        "description": "Created via OpenClaw linear skill.",
        "priority": 2
      }
    }
  }' | jq '.data.issueCreate'

Priority levels: 0 = No priority, 1 = Urgent, 2 = High, 3 = Medium, 4 = Low.

Update an issue

ISSUE_ID="ISSUE_ID_HERE"

curl -s -X POST https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
    \"query\": \"mutation { issueUpdate(id: \\\"$ISSUE_ID\\\", input: { priority: 1, stateId: \\\"STATE_ID\\\" }) { success issue { id title priority state { name } } } }\"
  }" | jq '.data.issueUpdate'

Search issues by keyword

QUERY="authentication bug"

curl -s -X POST https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
    \"query\": \"{ issueSearch(query: \\\"$QUERY\\\") { nodes { id identifier title state { name } assignee { name } priority } } }\"
  }" | jq '.data.issueSearch.nodes'

Get current cycle (sprint) for a team

TEAM_KEY="ENG"

curl -s -X POST https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
    \"query\": \"{ team(key: \\\"$TEAM_KEY\\\") { activeCycle { id name startsAt endsAt issues { nodes { id title state { name } estimate } } } } }\"
  }" | jq '.data.team.activeCycle'

Add a comment to an issue

ISSUE_ID="ISSUE_ID_HERE"
COMMENT="LGTM — deploying to staging now."

curl -s -X POST https://api.linear.app/graphql \
  -H "Authorization: $LINEAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
    \"query\": \"mutation { commentCreate(input: { issueId: \\\"$ISSUE_ID\\\", body: \\\"$COMMENT\\\" }) { success comment { id body } } }\"
  }" | jq '.data.commentCreate'

Examples

Morning standup prep: "What are my open Linear issues with priority Urgent or High?" → Run the "list your open issues" query, filter by priority ≤ 2.

After a meeting: "Create a Linear issue in the ENG team: 'Fix auth token refresh race condition', High priority" → Look up ENG team ID, then run the create mutation with the title and priority=2.

Sprint review: "Show me all completed issues in the current ENG cycle" → Get activeCycle, filter state.type == "completed". Summarize with titles and estimates.

Triage: "Move all issues assigned to @alice in ENG to 'In Progress'" → Fetch issues, get state ID for "In Progress", run issueUpdate for each.

Notes

  • Rate limits: Linear API allows 1,500 requests/hour. Cache results for bulk reads.
  • IDs vs keys: Teams can be queried by key (e.g. "ENG"). Issues, states, and cycles require UUIDs. Get UUIDs from list queries.
  • GraphQL introspection: Run { __schema { types { name } } } to explore the full API schema.
  • Webhooks: For real-time issue updates, configure a webhook in Linear → Settings → API → Webhooks. Pair with the webhook-listener skill.
  • Pagination: Large teams should use first: N, after: cursor pagination. Default page size is 50.

Comments

Loading comments...