Drift inferred · capture-to-capture
No drift recorded — single capability capture; advisories appear once its surface changes.
transport stdio · http counts 0 tools · 0 res
· 0 prompts
permission surface via code analysis
no tools enumerated yet for this server.
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed commit 023ac90 · analyzer v18 · 8h ago
danger signals1
- credential in logscredential in logcline-linear-mcp-023ac90/scripts/get-test-tokens.ts:34
console.log(`LINEAR_API_KEY=${process.env.LINEAR_API_KEY}`);
evidence-backed
findings quoted directly from the published source artifact — not inferred
network 1
- net cline-linear-mcp-023ac90/src/auth.ts :90
const response = await fetch(`${LinearAuth.OAUTH_TOKEN_URL}/oauth/token`, {
secrets 2
- secrets cline-linear-mcp-023ac90/scripts/get-test-tokens.ts :11
if (process.env.LINEAR_API_KEY) { - secrets cline-linear-mcp-023ac90/src/index.ts :41
const apiKey = process.env.LINEAR_API_KEY;
declared dependencies 17
- @graphql-typed-document-node/core@^3.2.0
- @linear/sdk@^38.0.0
- @modelcontextprotocol/sdk@^1.4.0
- graphql@^16.10.0
- graphql-tag@^2.12.6
- @types/dotenv@^8.2.3
- @types/express@^5.0.0
- @types/jest@^29.5.14
- @types/node@^22.10.10
- dotenv@^16.4.7
- express@^4.21.2
- jest@^29.7.0
- nodemon@^3.1.9
- open@^10.1.0
- ts-jest@^29.2.5
- ts-node@^10.9.2
- typescript@^5.7.3