Security Audit
openai/skills:skills/.curated/linear
github.com/openai/skillsTrust Assessment
openai/skills:skills/.curated/linear received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary Command Execution via WSL Configuration Instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 17, 2026 (commit 49f948fa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary Command Execution via WSL Configuration Instruction The skill instructions direct the LLM/user to execute arbitrary shell commands (`codex mcp add`, `codex --enable rmcp_client`) and configure a local MCP server using WSL with arbitrary arguments (`wsl npx -y mcp-remote ...`). If an attacker can manipulate the inputs or if the LLM executes these commands automatically on behalf of the user, it leads to arbitrary command execution on the host system. Avoid instructing the LLM to run arbitrary shell commands or configure local system execution parameters (like WSL/npx) directly from untrusted skill instructions. Instead, rely on pre-configured, secure MCP connections managed entirely by the host environment. | LLM | SKILL.md:26 |
Scan History
Embed Code
[](https://skillshield.io/report/53cc14aa15e57f9f)
Powered by SkillShield