Security Audit
linear-claude-skill
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
linear-claude-skill received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 5 critical, 5 high, 1 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, File read + network send exfiltration, Sensitive path access: AI agent config.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings11
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/linear-claude-skill/SKILL.md:128 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/linear-claude-skill/SKILL.md:109 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/linear-claude-skill/SKILL.md:132 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/linear-claude-skill/SKILL.md:142 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/linear-claude-skill/SKILL.md:469 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/linear-claude-skill/SKILL.md:109 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/linear-claude-skill/SKILL.md:132 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/linear-claude-skill/SKILL.md:142 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/linear-claude-skill/SKILL.md:469 | |
| HIGH | Potential Command Injection via User-Controlled Arguments The skill documentation instructs the LLM to construct and execute shell commands (`npx tsx scripts/...`, `linear issues ...`) where arguments like issue titles, descriptions, and project names are expected to be provided by the user. If the LLM directly interpolates unsanitized user input into these shell commands, a malicious user could inject arbitrary shell commands (e.g., `Title: 'My Title'; rm -rf /'`) leading to command injection and arbitrary code execution within the skill's sandbox. The LLM must be explicitly instructed to sanitize all user-provided arguments before constructing and executing shell commands. This typically involves proper quoting and escaping of special characters. Alternatively, if the host environment provides a safer execution mechanism (e.g., a tool call that accepts arguments as a list rather than a single string), that mechanism should be preferred. | LLM | SKILL.md:120 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/linear-claude-skill/SKILL.md:128 |
Scan History
Embed Code
[](https://skillshield.io/report/62991a4e32edbb9f)
Powered by SkillShield