Trust Assessment
linearis received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include: potential for arbitrary file upload via `linearis embeds upload`, potential for arbitrary file download and placement via `linearis embeds download`, and an unpinned dependency in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential for arbitrary file upload via `linearis embeds upload`.** The skill exposes the `linearis embeds upload` command, which can be used to upload local files. If an LLM is prompted with a user-controlled file path, it could lead to the exfiltration of sensitive files from the agent's environment. Restrict the LLM's ability to construct arbitrary file paths for the `linearis embeds upload` command. Implement strict input validation or sandboxing for file paths, or consider whether this capability is truly necessary for the agent's function. If possible, limit uploads to specific, non-sensitive directories. | LLM | SKILL.md:49 |
| HIGH | **Potential for arbitrary file download and placement via `linearis embeds download`.** The skill exposes the `linearis embeds download` command, which allows downloading content from any URL to a specified local path. An LLM, if prompted with a malicious URL or output path, could be coerced into downloading harmful files, overwriting system files, or consuming excessive disk space, potentially leading to command injection or denial of service. Restrict the LLM's ability to provide arbitrary URLs and output paths for the `linearis embeds download` command. Implement strict allow-listing for URLs and ensure downloads are directed only to sandboxed, temporary, or non-executable directories. Validate file types and sizes. | LLM | SKILL.md:50 |
| MEDIUM | **Unpinned dependency in installation instructions.** The installation command `npm install -g linearis` does not specify a version. This means the skill will always install the latest version of the `linearis` package, which could introduce supply chain risks if a future version contains vulnerabilities, breaking changes, or malicious code. It also makes the skill's behavior non-deterministic. Pin the dependency to a specific version (e.g., `npm install -g linearis@1.0.0`) to ensure deterministic behavior and mitigate risks from unreviewed future updates. Regularly review and update the pinned version. | LLM | SKILL.md:10 |
| INFO | **API token handling via environment variable or file.** The skill requires a `LINEAR_API_TOKEN`, which can be set via an environment variable or a file (`~/.linear_api_token`). This indicates that the agent will operate with direct access to a sensitive API key. While this is standard practice, it highlights the importance of securing the agent's environment and ensuring the LLM does not expose this token. Ensure the agent's execution environment is secured. Implement least privilege for the API token, and ensure the LLM is strictly prevented from echoing or logging the token. Consider using short-lived tokens or role-based access where possible. | LLM | SKILL.md:14 |