linear-webhook
Automates task dispatching in Linear by routing comments to designated agents via webhooks, enhancing team collaboration and efficiency.
Install this skill
Security score
The linear-webhook skill was audited on Feb 9, 2026 and we found 29 security issues across 2 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
AI Security Analysis
An AI model reviewed this skill's content and provided the following security assessment:
The skill involves webhooks and external calls, which can potentially lead to data exfiltration if not properly secured. While the skill has a legitimate purpose, the presence of multiple webhook references and external URLs raises concerns about the potential for misuse or unintended data exposure.
Security Issues
Curl to non-GitHub URL
| 155 | - Verify tunnel is running: `curl https://your-tunnel.trycloudflare.com/hooks/linear` |
Webhook reference - potential data exfiltration
| 2 | name: linear-webhook |
Webhook reference - potential data exfiltration
| 3 | description: "Comment @mason or @eureka in Linear issues to dispatch tasks to agents. Webhook receives Linear comments and routes to correct agent." |
Webhook reference - potential data exfiltration
| 6 | # Linear Webhook Skill |
Webhook reference - potential data exfiltration
| 13 | 2. **Linear webhook fires** on comment creation |
Webhook reference - potential data exfiltration
| 14 | 3. **Clawdbot receives webhook** via exposed endpoint |
Webhook reference - potential data exfiltration
| 27 | ### 1. Configure Clawdbot Webhooks |
Webhook reference - potential data exfiltration
| 37 | transformsDir: "/home/sven/clawd-mason/skills/linear-webhook", |
Webhook reference - potential data exfiltration
| 48 | export: "transformLinearWebhook" |
Webhook reference - potential data exfiltration
| 57 | ### 2. Expose Webhook Endpoint |
Webhook reference - potential data exfiltration
| 59 | Use Cloudflare Tunnel or Tailscale Funnel to make webhook publicly accessible: |
Webhook reference - potential data exfiltration
| 78 | ### 3. Configure Linear Webhook |
Webhook reference - potential data exfiltration
| 80 | 1. Go to Linear Settings → API → Webhooks |
Webhook reference - potential data exfiltration
| 81 | 2. Click "Create new webhook" |
Webhook reference - potential data exfiltration
| 85 | 6. Save webhook |
Webhook reference - potential data exfiltration
| 95 | 1. Webhook fires to Clawdbot |
Webhook reference - potential data exfiltration
| 148 | - Verify webhook source (Linear's IP ranges if needed) |
Webhook reference - potential data exfiltration
| 153 | ### Webhook not firing |
Webhook reference - potential data exfiltration
| 154 | - Check Linear webhook logs (Settings → API → Webhooks → View logs) |
Webhook reference - potential data exfiltration
| 180 | - `linear-transform.js` - Webhook payload parser and agent router |
Webhook reference - potential data exfiltration
| 182 | - `example-payload.json` - Sample Linear webhook payload for testing |
Webhook reference - potential data exfiltration
| 186 | - [Clawdbot Webhook Docs](/automation/webhook) |
Webhook reference - potential data exfiltration
| 187 | - [Linear Webhooks API](https://developers.linear.app/docs/graphql/webhooks) |
External URL reference
| 67 | cloudflared tunnel --url http://localhost:18789 |
External URL reference
| 76 | Note the public URL (e.g., `https://your-tunnel.trycloudflare.com`) |
External URL reference
| 82 | 3. Set URL: `https://your-tunnel.trycloudflare.com/hooks/linear` |
External URL reference
| 155 | - Verify tunnel is running: `curl https://your-tunnel.trycloudflare.com/hooks/linear` |
External URL reference
| 187 | - [Linear Webhooks API](https://developers.linear.app/docs/graphql/webhooks) |
External URL reference
| 188 | - [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/) |