Trust Assessment
linear received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Dependency in Example Configuration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 16, 2026 (commit ccf6204f). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Dependency in Example Configuration: The skill provides an example configuration for the Linear MCP that uses `npx -y mcp-remote`. The `mcp-remote` package is not pinned to a specific version. This means that `npx` will always fetch the latest version, which introduces a supply chain risk. If a malicious version of `mcp-remote` (or one of its dependencies) is published, systems adopting this configuration could unknowingly execute compromised code. Pin the `mcp-remote` package to a specific, known-good version in the example configuration. For instance, `npx -y mcp-remote@1.2.3` (replace 1.2.3 with a stable version). This ensures that the system always uses a tested and verified version, mitigating risks from future malicious updates. | Static | SKILL.md:32 |