linear

SUSPICIOUS. The stated purpose is narrow and plausible, but the skill depends on an unofficial personal-repo CLI installed via unpinned curl|bash, then passes a real Linear API key into that binary. That combination is disproportionate to a simple read/search integration and creates substantial supply-chain and credential-forwarding risk.