Linear Autopilot

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent automation guide, but it can let Linear and Discord events drive an agent to update Linear, send Discord messages, run broad tasks, and push git changes without clear approval boundaries.

Review before installing. Use a dedicated low-privilege Linear token and Discord channel, treat webhook URLs and bot tokens as secrets, keep requireMention enabled unless you deliberately want channel-wide triggering, disable autoPush or require human review before git push, and know how to pause each Make/Pipedream/Zapier automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium (90% confidence)
Finding
The security note downplays credential handling by claiming the skill does not collect or transmit credentials, yet the documented workflow depends on third-party automation platforms, webhooks, bot tokens, and API keys. Misrepresenting credential flow is risky because users may underestimate exposure to external processors, webhook leakage, and token misuse during setup and operation.

Missing User Warnings

Medium (95% confidence)
Finding
The documentation instructs automatic git add, commit, and push operations without an explicit safety warning or confirmation step. Repository-modifying side effects are high-risk because they can publish sensitive files, commit unintended changes, or push to shared remotes, especially in a workflow driven by task ingestion and automation.

Missing User Warnings

Medium (96% confidence)
Finding
The guide instructs users to create and paste a Discord webhook URL but does not state that the webhook URL is effectively a secret bearer credential. If the URL is exposed in screenshots, logs, commits, or shared docs, anyone who obtains it can post messages into the Discord channel and potentially trigger downstream bot automation, which is especially risky in this Linear-to-Clawdbot workflow.

Missing User Warnings

Medium (97% confidence)
Finding
The instructions tell the user to create and paste a Linear Personal API key without warning that it is a sensitive credential with access to the user's Linear data and actions. Exposure of this key through browser history, notes, exported scenarios, screenshots, or shared setup docs could allow unauthorized access to project data and automation abuse.

Missing User Warnings

Medium (88% confidence)
Finding
The guide instructs forwarding Linear issue fields into Discord without any warning or guardrails around data sensitivity, audience scope, or retention. Linear tasks often contain internal project details, credentials, customer data, or security-sensitive context, so sending titles, statuses, and identifiers to a Discord server can create unintended external disclosure if the server, bot, or channel is misconfigured or broadly accessible.

Missing User Warnings

Medium (88% confidence)
Finding
The guide instructs users to supply a Discord bot token or webhook URL but does not identify them as secrets or warn against exposing them in shared docs, screenshots, logs, or chat. In this skill context, those credentials can let an attacker send messages as the bot or abuse webhook access, which could trigger downstream automation, spam channels, or impersonate trusted workflow events.

VirusTotal

66/66 vendors flagged this skill as clean.
