Security audit

Linear

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Linear integration, but it includes broad direct GraphQL mutation access that can change business data beyond the curated action list.

Install only if you are comfortable granting this skill broad Linear workspace access through your OOMOL connection. Prefer curated actions for normal work, review any `run_mutation` payload carefully, and require explicit approval before writes or deletions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill exposes `run_query` and especially `run_mutation`, which allow arbitrary GraphQL operations against Linear beyond the curated action list. In an agent setting, this bypasses the skill's intended guardrails and can enable unreviewed reads or writes, including operations not explicitly documented or safety-tagged in the skill.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.