Is linear safe?
https://clawhub.ai/ManuelHettich/linear
This skill is essentially an empty repository containing only a ClawHub lock file referencing 'academic-research-hub'. No SKILL.md, source code, or package.json exists. Installation failed due to rate limiting before completion, preventing full behavioral assessment. The OpenClaw runtime accessed sensitive files (.env, .aws/credentials, auth-profiles.json) during the install process, though this appears to be platform behavior rather than skill-initiated. The incomplete audit and sensitive file access warrant caution.
Findings (6)
HIGH: Sensitive credential files accessed during installation (-60)
The filesystem monitor recorded reads of /home/oc-exec/.env, /home/oc-exec/.aws/credentials, and /home/oc-exec/.openclaw/agents/main/agent/auth-profiles.json during the skill installation process. While these reads likely originate from the OpenClaw platform runtime rather than the skill code itself, the skill's installation context triggered access to files containing secrets and authentication tokens.
MEDIUM: Broad filesystem access during installation (-45)
Installation triggered reads of .profile, .bashrc, nsswitch.conf, and multiple OpenClaw config files, plus created temporary files in /tmp/openclaw-1000/ and /tmp/jiti/. While individually these are normal runtime behaviors, the aggregate pattern shows the install process touches far more of the filesystem than a minimal skill install should require.
MEDIUM: Empty skill with incomplete installation (-45)
The skill repository contains only a .clawhub/lock.json file with no SKILL.md, no source code, and no package.json. The lock.json references 'academic-research-hub' as an installed dependency. Installation failed with 'Rate limit exceeded' before completion, meaning the full runtime behavior of this skill could not be assessed.
LOW: Transpiled modules created in /tmp during install (-25)
The jiti transpiler created multiple .cjs files in /tmp/jiti/ during installation, including modules for memory-core, plugin-sdk, channels-registry, and config schemas. This is standard OpenClaw platform behavior but represents code generation triggered by the skill install process.
INFO: No SKILL.md content, skill definition is missing (-10)
The skill has no SKILL.md file, meaning it provides no instructions to the agent. While this eliminates prompt injection risk from the skill text, it also means the skill has no declared purpose or behavior, making its intent opaque.
INFO: Canary files intact (0)
All honeypot credential files remained unmodified, indicating no targeted credential harvesting via the canary detection mechanism.