Linear

SUSPICIOUS. The core Linear integrations and official MCP/API data flows are mostly coherent with the stated purpose, but the skill’s footprint is broader than necessary: Bash is enabled, local Claude session JSONL is read for image extraction, and an optional third-party `lin` CLI from an independent publisher is recommended. This is not clearly malicious, but the combination of broad execution access, local sensitive file access, and credential forwarding to helper tooling makes it medium risk rather than benign.