Trust Assessment
The `linear` skill received a trust score of 36/100, placing it in the Untrusted category. It has significant security findings that need to be resolved before it is used in production.
SkillShield's automated analysis identified 10 findings: 5 critical, 1 high, 4 medium and 0 low severity. All five critical findings are GraphQL injection sites in `scripts/linear.sh`, where user-supplied arguments are embedded unescaped into query text. The remaining findings cover access to the agent configuration path `~/.clawdbot/`, access to the `$HOME` environment variable, and unpinned npm dependency versions in `package.json`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100; it is the layer that produced the five critical injection findings.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | GraphQL injection via unsanitized user input. `scripts/linear.sh` builds GraphQL requests by embedding user-supplied arguments (team IDs, issue IDs, search terms, titles, descriptions) directly into the query string without escaping. A double quote in an argument closes the string it is embedded in (the JSON request body, or the GraphQL string literal inside it), so input such as `\", "malicious": "query` lets a caller alter the query structure and gain unauthorized read, write or denial-of-service capability against the Linear API. Remediation: keep the query text constant and pass all user data through GraphQL variables, building the JSON body with a JSON-aware tool such as `jq --arg` so every value is escaped for you; at minimum, escape backslashes and double quotes in every argument before interpolating it. A GraphQL client library that handles parameterization would give the same guarantee outside shell. | LLM | scripts/linear.sh:109 |
| CRITICAL | Same finding as at line 109: a further GraphQL query built by interpolating an unescaped user-supplied argument. The same remediation applies. | LLM | scripts/linear.sh:114 |
| CRITICAL | Same finding as at line 109: a further GraphQL query built by interpolating an unescaped user-supplied argument. The same remediation applies. | LLM | scripts/linear.sh:119 |
| CRITICAL | Same finding as at line 109: a further GraphQL query built by interpolating an unescaped user-supplied argument. The same remediation applies. | LLM | scripts/linear.sh:124 |
| CRITICAL | Same finding as at line 109: a further GraphQL query built by interpolating an unescaped user-supplied argument. The same remediation applies. | LLM | scripts/linear.sh:153 |
| HIGH | Sensitive path access: AI agent config. The script accesses the agent configuration directory `~/.clawdbot/`. Agent credentials and settings live under that path, so the access may indicate credential theft; verify that it is required by the skill and declared in its manifest. | Static | skills/emrekilinc/linear-issues/scripts/linear.sh:26 |
| MEDIUM | Sensitive environment variable access: `$HOME`. The script reads `$HOME` in a shell context. Verify that the access is necessary and that neither the value nor paths derived from it are sent off-host. | Static | skills/emrekilinc/linear-issues/scripts/linear.sh:17 |
| MEDIUM | Unpinned npm dependency version. `clawdhub` is specified as `^0.3.0` rather than an exact version. Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/emrekilinc/linear-issues/package.json |
| MEDIUM | Unpinned dependency in package.json. `clawdhub` uses the caret range `^0.3.0`, so a future install can resolve to a newer, possibly incompatible or vulnerable, release with no explicit action (the same issue the Dependencies layer reports above). Pin to an exact version (`"clawdhub": "0.3.0"`) or, if minor updates are acceptable, a tilde range (`"clawdhub": "~0.3.0"`), and audit and update dependencies on a regular schedule. | LLM | package.json:17 |
| MEDIUM | Unpinned dependency in package.json. `undici` uses the caret range `^7.19.1`, with the same drift and supply-chain risk as above. Pin to an exact version (`"undici": "7.19.1"`) or, if minor updates are acceptable, a tilde range (`"undici": "~7.19.1"`), and audit and update dependencies on a regular schedule. | LLM | package.json:18 |
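The injection pattern behind the five critical findings, as an added example; it is not code from the linear skill (this page does not reproduce `scripts/linear.sh`) nor from SkillShield. It assumes `jq` is installed, and the `issueCreate`, `title` and `teamId` names are taken from Linear's public GraphQL schema while the request shape itself is illustrative. The vulnerable builder interpolates the argument into the request body the way the findings describe; the hardened builder keeps the query text constant and carries user data only in GraphQL variables.

```shell
#!/usr/bin/env bash
# Added example for this report, not the linear skill's own code.
# Assumes jq is installed. Field names (issueCreate, title, teamId) follow
# Linear's public GraphQL schema; the request shape is illustrative.

# VULNERABLE: the argument is pasted straight into the request body, the
# pattern flagged in scripts/linear.sh. A \" in $1 ends the GraphQL string
# literal inside the JSON body; a bare " ends the JSON string itself.
build_payload_unsafe() {
  printf '{"query":"mutation { issueCreate(input: { title: \\"%s\\", teamId: \\"TEAM\\" }) { success } }"}' "$1"
}

# HARDENED: the query text is a constant. User data travels only through
# GraphQL variables, and jq --arg emits a correctly escaped JSON string.
build_payload_safe() {
  jq -cn --arg title "$1" --arg teamId "TEAM" '{
    query: "mutation($title: String!, $teamId: String!) { issueCreate(input: { title: $title, teamId: $teamId }) { success } }",
    variables: { title: $title, teamId: $teamId }
  }'
}

# Constructed attacker input: closes the title literal and smuggles a field.
ATTACK='Fix login\", description: \"INJECTED'

# Returns 0 when the decoded query of the unsafe payload now contains the
# smuggled field as GraphQL syntax, i.e. the query structure was altered.
unsafe_is_injected() {
  build_payload_unsafe "$ATTACK" | jq -e -r '.query' | grep -q 'description: "INJECTED'
}

# Returns 0 when the safe payload keeps the attacker string as data only:
# it round-trips unchanged through .variables.title and never reaches .query.
safe_keeps_data() {
  local title
  title=$(build_payload_safe "$ATTACK" | jq -r '.variables.title')
  [ "$title" = "$ATTACK" ] && ! build_payload_safe "$ATTACK" | jq -r '.query' | grep -q INJECTED
}

# Usage: bash this_file.sh demo   (prints both request bodies for comparison)
if [ "${1:-}" = "demo" ]; then
  build_payload_unsafe "$ATTACK"; echo
  build_payload_safe "$ATTACK"
fi
```

Whether the script assembles the body with `printf`, a heredoc or string concatenation, the property that matters is that the query text never contains user data. Escaping backslashes and quotes by hand closes the string-literal hole but is easy to get wrong for one of five call sites; variables make every site safe by construction and let the API reject malformed values.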
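A check for the unpinned-dependency findings, added here and not part of the skill or of SkillShield: it reads a `package.json` and lists every entry in `dependencies` and `devDependencies` whose specifier is not an exact semver version, so caret, tilde, wildcard and range specifiers are all caught. The manifest it scans is constructed to mirror the two findings above (the skill's real `package.json` is not reproduced on this page); `jq` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example for this report, not the linear skill's own code. Assumes jq.
# Writes a constructed package.json that mirrors the two findings above; the
# real manifest of the skill is not reproduced on this page.
write_sample_manifest() {
  cat > "$1" <<'EOF'
{
  "name": "sample-skill",
  "dependencies": {
    "clawdhub": "^0.3.0",
    "undici": "^7.19.1",
    "pinned-lib": "1.4.2"
  },
  "devDependencies": {
    "tilde-lib": "~2.0.0"
  }
}
EOF
}

# Prints "name specifier" for every dependency that is not an exact semver
# version (optionally with a prerelease/build suffix). Exit 0 when all are
# pinned, 1 otherwise, so it can gate a CI job.
find_unpinned() {
  local manifest="$1"
  local hits
  hits=$(jq -r '
    [(.dependencies // {}), (.devDependencies // {})]
    | add
    | to_entries[]
    | select(.value | test("^[0-9]+\\.[0-9]+\\.[0-9]+([-+][0-9A-Za-z.-]+)?$") | not)
    | "\(.key) \(.value)"' "$manifest")
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Usage: bash this_file.sh demo   (scans the constructed manifest)
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp)
  write_sample_manifest "$tmp"
  find_unpinned "$tmp" || echo "unpinned dependencies found"
  rm -f "$tmp"
fi
```

Run `find_unpinned path/to/package.json` against a real manifest; the non-zero exit makes it usable as a CI gate. Pinning in `package.json` only fixes direct dependencies: pair it with a committed lockfile and `npm ci` so that transitive versions are reproducible as well.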
Full report: [skillshield.io/report/718fe026e69f1744](https://skillshield.io/report/718fe026e69f1744)
Powered by SkillShield