Back to skill

Security audit

Linear工作流机器人

Security checks across malware telemetry and agentic risk

Overview

The skill fits its Linear automation purpose, but it needs review because it documents an unauthenticated webhook that can trigger local scripts plus automatic Linear and Git changes.

Install only if you are prepared to review and harden the workflow before enabling it. Require webhook authentication or signed requests, validate event fields, run the worker with least privilege, disable autoPush until tested, use a dedicated repository or branch, and store API tokens with restrictive permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly describes an automated pipeline that executes tasks, invokes webhooks, and performs `git add/commit/push`, but it does not clearly warn users that these actions can modify local files, trigger external services, and publish changes remotely. In an agent context, missing consent and safety boundaries around system-modifying behavior increases the chance of unintended code execution, destructive changes, or accidental data disclosure through commits and notifications.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The setup step instructs users to place `LINEAR_API_KEY` in `~/.linearbot/linear.env` without an immediate warning about token sensitivity, file permissions, shell history leakage, or avoiding accidental commits/logging. While later sections mention environment variables and permissions, the omission at the setup point makes insecure handling more likely during initial onboarding.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The webhook receiver example accepts unauthenticated POST requests and immediately spawns `./scripts/handle-task.sh` based on attacker-controlled event data. This creates a direct remote trigger for local command execution workflows and can be abused for denial of service, repeated task execution, unintended side effects, or exploitation of downstream shell scripts if they mishandle the identifier input.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.