Safety Report

Linear

Name: Linear
Rating: 5 (1 reviews)
Author: MaTriXy

Manage Linear projects, issues, and tasks via the bundled Node CLI and the official Linear API. Use when you need to read, create, update, or organize Linear...

1,821Downloads

4Installs

1Stars

2Versions

API Integration4,971 File Management2,100 CLI & Shell Tools1,805 Project Management1,537

Security Analysis

high confidence

Clean0.04 risk

The skill's code, instructions, and requirements are consistent with a Linear CLI integration and only request the expected LINEAR_API_KEY and Node tooling.

Feb 15, 20268 files1 concern

Purpose & Capabilityok

The name/description match the contained CLI implementation (scripts/linear-cli.js) which uses @linear/sdk and targets Linear's GraphQL API. Required binaries (node, npm) and the LINEAR_API_KEY credential are appropriate and expected for this purpose.

Instruction Scopeok

SKILL.md instructs the agent to run the bundled Node CLI and to read LINEAR_API_KEY from the environment. Runtime steps are limited to listing/reading/updating Linear resources and explicitly forbid sending data to endpoints outside the Linear API. The CLI source only calls the official SDK and prints JSON; it does not access unrelated files or network endpoints.

Install Mechanismnote

Install uses a brew formula to install Node (reasonable). The package.json triggers `cd scripts && npm install` (postinstall), which will fetch @linear/sdk from the npm registry — typical but worth verifying in your environment. Note: @linear/sdk declares node engine >=18.x; ensure your Node version meets that requirement.

Credentialsok

Only a single credential (LINEAR_API_KEY) is required and is the primaryEnv; that is proportionate. The code reads only that env var and nothing else. Recommend using a dedicated, least-privilege Linear token for automation as the SKILL.md suggests.

Persistence & Privilegeok

The skill does not request permanent 'always' inclusion (always: false). It doesn't modify other skills or system-wide configs. Note that model invocation is allowed by default (disable-model-invocation: false) — this is the platform default and not in itself suspicious.

Guidance

This skill appears coherent and implements a straightforward CLI wrapper for the official Linear SDK. Before installing: 1) Use a dedicated Linear API token with minimal permissions and rotate it if needed. 2) Run npm install in a controlled environment (the package installs @linear/sdk from npm); verify network sources if you require stricter supply-chain controls. 3) Ensure your Node version meets the SDK's engine requirement (>=18.x). 4) Review the bundled scripts if you want extra assurance (the CLI is short and only calls the official SDK). 5) On shared platforms, ensure the platform only exposes LINEAR_API_KEY to this skill and not to unrelated components.

Latest Release

v1.0.0

Initial release of linear-skill – manage Linear projects and workflows via CLI and API. - Adds bundled Node.js CLI for Linear project, issue, comment, and label management. - Supports authentication via LINEAR_API_KEY environment variable. - Provides coverage for teams, projects, issues, comments, states, labels, users. - Includes operational best practices and setup guidance in documentation. - Offers reference examples and practical workflow suggestions in README and SKILL.md.

More by @MaTriXy

Agent Browser

14 stars

Audio Reply

2 stars

Agent Registry

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Published by @MaTriXy on ClawHub