linear-todos
Manages todos via Linear's API, allowing users to create tasks with natural language dates and priorities through a CLI tool.
Install this skill
or
57/100
Security score
The linear-todos skill was audited on Feb 28, 2026 and we found 11 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 11
Access to hidden dotfiles in home directory
SourceSKILL.md
| 11 | config: [~/.config/linear-todos/config.json] |
medium line 22
Access to hidden dotfiles in home directory
SourceSKILL.md
| 22 | > **🔐 Security Note:** This skill stores your Linear API key in plaintext JSON at `~/.config/linear-todos/config.json` **only if you run the `setup` command**. Use a dedicated API key with minimal sc |
medium line 36
Access to hidden dotfiles in home directory
SourceSKILL.md
| 36 | **Config Path:** `~/.config/linear-todos/config.json` (created by `setup`, permissions 0o600) |
medium line 43
Access to hidden dotfiles in home directory
SourceSKILL.md
| 43 | - **Data Storage:** Stores your API key and config in `~/.config/linear-todos/config.json` (plaintext, permissions 0o600) **only if you run the `setup` command**. Team/issue data is fetched fresh each |
medium line 122
Access to hidden dotfiles in home directory
SourceSKILL.md
| 122 | - Save settings to `~/.config/linear-todos/config.json` (plaintext JSON) |
medium line 135
Access to hidden dotfiles in home directory
SourceSKILL.md
| 135 | Or create `~/.config/linear-todos/config.json`: |
medium line 258
Access to hidden dotfiles in home directory
SourceSKILL.md
| 258 | - Saving settings to `~/.config/linear-todos/config.json` |
medium line 356
Access to hidden dotfiles in home directory
SourceSKILL.md
| 356 | 2. Config file: `~/.config/linear-todos/config.json` |
low line 30
External URL reference
SourceSKILL.md
| 30 | | `LINEAR_API_KEY` | **Yes** | Your Linear API key from [linear.app/settings/api](https://linear.app/settings/api) | |
low line 42
External URL reference
SourceSKILL.md
| 42 | - **HTTP Requests:** Makes HTTPS requests **only** to `https://api.linear.app/graphql` (Linear's official API). No telemetry, no third-party services. |
low line 109
External URL reference
SourceSKILL.md
| 109 | Get your API key from [linear.app/settings/api](https://linear.app/settings/api). **Recommendation:** Create a dedicated API key with minimal scope for this skill. |
Scanned on Feb 28, 2026
View Security Dashboard