linear-cli

SUSPICIOUS: the skill’s purpose is coherent, and the documented install sources appear publisher-consistent with verifiable releases. However, it asks the agent to install and trust a non-official third-party Linear CLI, then forward a live Linear API key to it and perform impactful external actions. Data flows appear to target official Linear services rather than an interception proxy, so this is not confirmed malware, but the supply-chain and credential-forwarding footprint is larger than ideal for a simple issue-management skill.