Trusted (risk score 5/100)
Last scanned: 1 day ago
linear-cli
Use the linear-cli agent-native runtime to read and mutate Linear from Claude Code, Codex, or other agents
This is a legitimate Linear CLI wrapper skill with no malicious behavior. All capabilities are clearly documented and the script is a documentation generator for the CLI tool.
Skill name: linear-cli
Analysis time: 32.1s
Engine: pi
OK to install
No action needed. The skill is safe to use as documented.

Security findings: 1

Severity: Low
Finding: Implicit filesystem read capability (category: documentation deception)
The skill uses --description-file and --body-file flags but filesystem:READ is not explicitly declared in allowed-tools. This is a minor gap as it's CLI tool behavior, not custom code.
--description-file for `issue create` and `issue update`
→ Consider adding Read to declared allowed-tools if filesystem access is expected to be used directly by agents
Location: SKILL.md:50
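| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md declares Bash(linear:*) and Bash(curl:*) for executing the Linear CLI a… |
| Filesystem | NONE | READ | ✓ Consistent | SKILL.md shows --description-file and --body-file flags for reading local files,… |
| Network access | READ | READ | ✓ Consistent | SKILL.md documents https://api.linear.app/graphql as the Linear API endpoint |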
1 finding
Medium: External URL
https://api.linear.app/graphql
SKILL.md:207

Directory structure

27 files · 150.1 KB · 4120 lines
Markdown 26f · 3765L TypeScript 1f · 355L
├─ 📁 references
│ ├─ 📝 api.md Markdown 24L · 1.0 KB
│ ├─ 📝 auth.md Markdown 165L · 4.8 KB
│ ├─ 📝 capabilities.md Markdown 30L · 1.3 KB
│ ├─ 📝 commands.md Markdown 53L · 2.2 KB
│ ├─ 📝 commands.template.md Markdown 33L · 1018 B
│ ├─ 📝 config.md Markdown 20L · 569 B
│ ├─ 📝 cycle.md Markdown 199L · 6.7 KB
│ ├─ 📝 document.md Markdown 157L · 6.2 KB
│ ├─ 📝 initiative-update.md Markdown 73L · 2.5 KB
│ ├─ 📝 initiative.md Markdown 249L · 9.9 KB
│ ├─ 📝 issue.md Markdown 870L · 37.9 KB
│ ├─ 📝 label.md Markdown 98L · 3.2 KB
│ ├─ 📝 milestone.md Markdown 163L · 6.2 KB
│ ├─ 📝 notification.md Markdown 116L · 3.8 KB
│ ├─ 📝 organization-features.md Markdown 85L · 1.9 KB
│ ├─ 📝 project-label.md Markdown 51L · 1.5 KB
│ ├─ 📝 project-update.md Markdown 73L · 2.4 KB
│ ├─ 📝 project.md Markdown 247L · 9.4 KB
│ ├─ 📝 resolve.md Markdown 155L · 5.3 KB
│ ├─ 📝 schema.md Markdown 21L · 631 B
│ ├─ 📝 team.md Markdown 182L · 5.9 KB
│ ├─ 📝 user.md Markdown 75L · 2.1 KB
│ ├─ 📝 webhook.md Markdown 172L · 6.9 KB
│ └─ 📝 workflow-state.md Markdown 74L · 2.0 KB
├─ 📁 scripts
│ └─ 📜 generate-docs.ts TypeScript 355L · 10.1 KB
├─ 📝 SKILL.md Markdown 211L · 8.6 KB
└─ 📝 SKILL.template.md Markdown 169L · 6.0 KB

Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| linear-cli | unspecified | external CLI | | External dependency - skill is a wrapper, actual CLI must be installed separately |

Security highlights

✓ No credential harvesting or exfiltration - linear auth token is documented as a user-facing command
✓ No base64 or obfuscated code execution
✓ No remote script download or pipe-to-bash patterns
✓ Network requests only to known Linear API endpoint (api.linear.app)
✓ All shell commands go through the linear CLI tool, not arbitrary subprocess execution
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ Well-documented skill with comprehensive reference documentation