linear-graphql-skill

The skill is coherently scoped to its stated purpose: it provides a legitimate pathway to perform Linear GraphQL operations via a standard CLI integration, with appropriate support for both API keys and OAuth. The install/execution model relies on the established uxC/linear-graphql-cli workflow and official Linear API endpoints. Data flows involve standard API requests/responses and credential handling through a dedicated credential store, which is appropriate for a developer tooling scenario. While credential handling remains a sensitive area, the patterns are conventional and aligned with typical API integrations. Overall risk is low to moderate (securityRisk around 0.25–0.35; malware near 0.05), with no evident supply-chain or exfiltration patterns. Vigilance around credential storage, log exposure, and write-scope operations is recommended to maintain a benign posture.