managing-linear

SUSPICIOUS: the skill’s purpose matches Linear issue management, but it relies on an unpinned third-party personal CLI executed through `npx -y` and passes Linear API credentials into that code. Data flows seem consistent with Linear usage and there is no clear proxy exfiltration or hidden behavior, so this is not confirmed malware; the main risk is supply-chain trust plus credential forwarding to non-Linear software.