Back to skill

Security audit

Linear Issues

Security checks across malware telemetry and agentic risk

Overview

This Linear skill is mostly coherent, but it needs review because it can change live Linear data and builds API requests from unescaped user text.

Review before installing. Use the narrowest Linear API key available, avoid feeding untrusted text into search/create/update/comment fields, and confirm any issue creation, status change, assignee change, priority change, or comment before letting an agent run it against a real workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to execute a local shell script (`scripts/linear.sh`) and handle an API credential stored on disk, but it declares no permissions. That mismatch is a real security issue because it hides the skill's execution and data-access capabilities from policy enforcement and reviewers, increasing the chance of unintended command execution or credential exposure through the shell pathway.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes commands that create, update, move, and comment on Linear issues but does not clearly warn users that these actions will modify live data in an external system. In an AI-assistant skill context, this can lead to unintended state-changing operations, especially if users assume commands are informational or exploratory rather than mutating.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The create, update, and comment paths perform state-changing operations against Linear immediately with no confirmation, dry-run mode, or secondary validation. In an agent context, this increases the risk of accidental or prompt-induced changes to production issue data because a single mistaken invocation can create, modify, or comment on remote records.

Known Vulnerable Dependency: undici==7.19.1 — 10 advisory(ies): CVE-2026-1525 (Undici has an HTTP Request/Response Smuggling issue); CVE-2026-6733 (undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse); CVE-2026-1527 (Undici has CRLF Injection in undici via `upgrade` option) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
undici==7.19.1

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.