linear-multi-env-setup

Facilitates the configuration of Linear across multiple environments, enhancing deployment management and API key handling.

Install this skill

or

0/100

Security score

The linear-multi-env-setup skill was audited on Feb 25, 2026 and we found 54 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 100

Template literal with variable interpolation in command context

SourceSKILL.md

100	const path = `secret/data/linear/${environment}`;

medium line 119

Template literal with variable interpolation in command context

SourceSKILL.md

119	SecretId: `linear/${environment}`,

medium line 136

Template literal with variable interpolation in command context

SourceSKILL.md

136	const secretName = `linear-${environment}`;

medium line 139

Template literal with variable interpolation in command context

SourceSKILL.md

139	name: `projects/${projectId}/secrets/${secretName}/versions/latest`,

medium line 227

Template literal with variable interpolation in command context

SourceSKILL.md

227	console.log(`Archived issue ${issueId} (production safe mode)`);

medium line 231

Template literal with variable interpolation in command context

SourceSKILL.md

231	console.log(`Deleted issue ${issueId}`);

medium line 271

Template literal with variable interpolation in command context

SourceSKILL.md

271

```yaml

medium line 312

Template literal with variable interpolation in command context

SourceSKILL.md

312	console.log(`Validating ${env} environment...`);

medium line 317

Template literal with variable interpolation in command context

SourceSKILL.md

317	console.log(` API Key: Valid (${viewer.email})`);

medium line 322

Template literal with variable interpolation in command context

SourceSKILL.md

322	console.log(` Default Team (${config.defaultTeamKey}): ${hasDefaultTeam ? "Found" : "NOT FOUND"}`);

medium line 325

Template literal with variable interpolation in command context

SourceSKILL.md

325	console.log(` Webhook Secret: ${config.webhookSecret ? "Set" : "NOT SET"}`);

low line 33

Webhook reference - potential data exfiltration

SourceSKILL.md

33	webhookSecret: string;

low line 37

Webhook reference - potential data exfiltration

SourceSKILL.md

37	webhooksEnabled: boolean;

low line 51

Webhook reference - potential data exfiltration

SourceSKILL.md

51	webhookSecret: process.env.LINEAR_WEBHOOK_SECRET_DEV!,

low line 55

Webhook reference - potential data exfiltration

SourceSKILL.md

55	webhooksEnabled: false, // Use polling in dev

low line 61

Webhook reference - potential data exfiltration

SourceSKILL.md

61	webhookSecret: process.env.LINEAR_WEBHOOK_SECRET_STAGING!,

low line 65

Webhook reference - potential data exfiltration

SourceSKILL.md

65	webhooksEnabled: true,

low line 71

Webhook reference - potential data exfiltration

SourceSKILL.md

71	webhookSecret: process.env.LINEAR_WEBHOOK_SECRET_PROD!,

low line 75

Webhook reference - potential data exfiltration

SourceSKILL.md

75	webhooksEnabled: true,

low line 105

Webhook reference - potential data exfiltration

SourceSKILL.md

105	webhookSecret: data.data.webhook_secret,

medium line 236

Webhook reference - potential data exfiltration

SourceSKILL.md

236	### Step 5: Environment-Specific Webhook Configuration

low line 238

Webhook reference - potential data exfiltration

SourceSKILL.md

238	// config/webhooks.ts

low line 239

Webhook reference - potential data exfiltration

SourceSKILL.md

239	interface WebhookConfig {

low line 245

Webhook reference - potential data exfiltration

SourceSKILL.md

245	const webhookConfigs: Record<string, WebhookConfig> = {

low line 247

Webhook reference - potential data exfiltration

SourceSKILL.md

247	url: "http://localhost:3000/api/webhooks/linear",

low line 252

Webhook reference - potential data exfiltration

SourceSKILL.md

252	url: "https://staging.yourapp.com/api/webhooks/linear",

low line 257

Webhook reference - potential data exfiltration

SourceSKILL.md

257	url: "https://yourapp.com/api/webhooks/linear",

low line 263

Webhook reference - potential data exfiltration

SourceSKILL.md

263	export function getWebhookConfig(): WebhookConfig {

low line 265

Webhook reference - potential data exfiltration

SourceSKILL.md

265	return webhookConfigs[env];

low line 302

Webhook reference - potential data exfiltration

SourceSKILL.md

302	LINEAR_WEBHOOK_SECRET: ${{ secrets.LINEAR_WEBHOOK_SECRET }}

low line 324

Webhook reference - potential data exfiltration

SourceSKILL.md

324	// Check webhook secret is set

low line 325

Webhook reference - potential data exfiltration

SourceSKILL.md

325	console.log(` Webhook Secret: ${config.webhookSecret ? "Set" : "NOT SET"}`);

low line 50

Access to .env file

SourceSKILL.md

50	apiKey: process.env.LINEAR_API_KEY_DEV!,

low line 51

Access to .env file

SourceSKILL.md

51	webhookSecret: process.env.LINEAR_WEBHOOK_SECRET_DEV!,

low line 60

Access to .env file

SourceSKILL.md

60	apiKey: process.env.LINEAR_API_KEY_STAGING!,

low line 61

Access to .env file

SourceSKILL.md

61	webhookSecret: process.env.LINEAR_WEBHOOK_SECRET_STAGING!,

low line 70

Access to .env file

SourceSKILL.md

70	apiKey: process.env.LINEAR_API_KEY_PROD!,

low line 71

Access to .env file

SourceSKILL.md

71	webhookSecret: process.env.LINEAR_WEBHOOK_SECRET_PROD!,

low line 82

Access to .env file

SourceSKILL.md

82	const env = process.env.NODE_ENV \|\| "development";

low line 95

Access to .env file

SourceSKILL.md

95	endpoint: process.env.VAULT_ADDR,

low line 96

Access to .env file

SourceSKILL.md

96	token: process.env.VAULT_TOKEN,

low line 135

Access to .env file

SourceSKILL.md

135	const projectId = process.env.GCP_PROJECT_ID;

low line 161

Access to .env file

SourceSKILL.md

161	if (process.env.NODE_ENV === "production") {

low line 186

Access to .env file

SourceSKILL.md

186	if (process.env.NODE_ENV !== "production") {

low line 192

Access to .env file

SourceSKILL.md

192	if (process.env.NODE_ENV === "production") {

low line 222

Access to .env file

SourceSKILL.md

222	const env = process.env.NODE_ENV;

low line 264

Access to .env file

SourceSKILL.md

264	const env = process.env.NODE_ENV \|\| "development";

low line 310

Access to .env file

SourceSKILL.md

310	const env = process.env.NODE_ENV;

low line 247

External URL reference

SourceSKILL.md

247	url: "http://localhost:3000/api/webhooks/linear",

low line 252

External URL reference

SourceSKILL.md

252	url: "https://staging.yourapp.com/api/webhooks/linear",

low line 257

External URL reference

SourceSKILL.md

257	url: "https://yourapp.com/api/webhooks/linear",

low line 342

External URL reference

SourceSKILL.md

342	- [Linear API Authentication](https://developers.linear.app/docs/graphql/authentication)

low line 343

External URL reference

SourceSKILL.md

343	- [12-Factor App Config](https://12factor.net/config)

low line 344

External URL reference

SourceSKILL.md

344	- [HashiCorp Vault](https://www.vaultproject.io/docs)

Scanned on Feb 25, 2026

View Security Dashboard

Install this skill with one command

/learn @vasic-digital/linear-multi-env-setup

Rate this skill

Categorymarketing

UpdatedMarch 29, 2026

openclaw backend growth-marketer product-manager backend-developer devops-sre technical-pm marketing product development

vasic-digital/SuperAgent