PRODUCTIVITY

linear-mcp

Linear's official MCP server. Read and write issues, projects, cycles, comments, and labels. API-key authenticated. The 'agent inside your project tracker' enabler.

Alive Recommended REVIEWED 2026-05-07
VERDICT

Default if your team uses Linear for issue tracking. Workspace-level API keys are coarse — use a dedicated bot user where possible, and scope what the bot can see via Linear's permissions.

What it does

Linear’s MCP server wraps their GraphQL API. Tools cover search_issues, get_issue, create_issue, update_issue, add_comment, assign_issue, move_issue_to_project, list_cycles, list_projects. Auth is a Linear API key (personal or — better — bot-user-issued).

When you actually need it

Linear sits in the middle of many engineering teams’ workflows — issues, projects, cycles. An agent that reads and writes Linear is a fit for:

  1. Issue triage automation. When a new issue lands in a configured team, the agent reads the body, drafts a suggested label set, priority and assignee, and posts them as a comment. A human approves the actual assignment.
  2. Standup summaries. The agent reads what each team member has done this cycle (issue status changes, comments) and drafts a stand-up summary.
  3. Cross-tool orchestration. Issue arrives in Linear → the agent finds the related Slack thread → the agent finds the related GitHub PR → drafts a connection comment that ties them together.
  4. Cycle planning prep. The agent surfaces issues that are blocked, stale, or scope-creeping ahead of the next cycle planning meeting.

Setup

Generate an API key at linear.app → Settings → API → Personal API keys. Or — preferred — create a dedicated bot user with team-scoped membership and generate the key as that user.

"linear": {
  "command": "npx",
  "args": ["-y", "@linear/mcp-server"],
  "env": {
    "LINEAR_API_KEY": "lin_api_…"
  }
}

The catch

Personal API keys inherit your access: anything you can see, the agent can see. For a 50-person engineering org this is usually fine for read-only agents, since your own access is already the appropriate scope. For agents that write (create issues, change assignees, move issues) the blast radius is every team you have permission for.

Two cleaner patterns:

  1. Dedicated bot user. Create a Linear bot user. Add it to specific teams only. Generate the API key as that user. Now the agent’s blast radius is exactly the teams you’ve added the bot to.
  2. OAuth bot integration. For workspace-installed bots, Linear’s OAuth flow scopes per-workspace and includes revocation. More setup; cleaner story for shared agents.

For agents that comment / write but don’t change assignment / status: even the personal-key path is reasonable, paired with host-level approval gates on writes.

For agents that change priority, assign issues, move issues across projects: bot-user path is required.
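An added example (not part of this review or of Linear's server) of the host-level approval gate the two tiers above describe, in JavaScript: read tools pass, content writes need a human approval, and ownership or state changes additionally require the host to be running on a bot-user key. The credential tier and the approve callback are assumed host-side settings; the tool names are the ones listed on this page.

```javascript
// Added example, not code from the reviewed page or from Linear's server.
// Tool names are those listed on the page; the credential tier ("personal" vs
// "bot") is an assumed host-side setting, because the key string alone does not
// reveal which user issued it.

const READ_TOOLS = new Set(["search_issues", "get_issue", "list_cycles", "list_projects"]);
// Writes that only add content: tolerable on a personal key, but still gated.
const CONTENT_WRITES = new Set(["create_issue", "add_comment"]);
// Writes that change ownership, state or location (update_issue can set priority
// and status): bot-user key plus human approval. Both spellings of the move
// tool appear on the page, so both are covered.
const STATE_WRITES = new Set(["update_issue", "assign_issue", "move_issue",
  "move_issue_to_project", "delete_issue", "archive_issue"]);

/**
 * Decide what the host should do with one tool call from the agent.
 * @param {{name: string, args?: object}} call
 * @param {{credential: "personal"|"bot", approve: (call: object) => boolean}} host
 * @returns {{decision: "allow"|"deny"|"approved"|"rejected", reason: string}}
 */
function gateToolCall(call, host) {
  const { name } = call;
  if (READ_TOOLS.has(name)) {
    return { decision: "allow", reason: "read-only tool" };
  }
  if (STATE_WRITES.has(name) && host.credential !== "bot") {
    // A personal key would carry the user's whole access: refuse before
    // bothering an approver, and leave an auditable reason behind.
    return { decision: "deny", reason: `${name} requires a dedicated bot-user key` };
  }
  if (CONTENT_WRITES.has(name) || STATE_WRITES.has(name)) {
    return host.approve(call)
      ? { decision: "approved", reason: "human approved write" }
      : { decision: "rejected", reason: "human rejected write" };
  }
  // Anything not classified fails closed rather than guessing its blast radius.
  return { decision: "deny", reason: `unclassified tool ${name}` };
}

// Stand-alone demo: constructed calls against a personal-key host whose
// approver only accepts comments.
const demoHost = { credential: "personal", approve: (c) => c.name === "add_comment" };
for (const name of ["get_issue", "add_comment", "create_issue", "assign_issue", "export_all"]) {
  const r = gateToolCall({ name, args: {} }, demoHost);
  console.log(name.padEnd(14), r.decision.padEnd(9), r.reason);
}
```

The deny decisions carry a reason string so the host can log them, which is the signal to watch for an agent that is being steered toward tools it was never meant to call.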

MCP SECURITY SCORECARD · Methodology v1.0 · Confidence HIGH · Reviewed 2026-05-07 · Next review due 2026-08-07
ADOPT WITH LIMITS

FOR: Linear workspace operations using a dedicated bot user with team-scoped membership.

Use a dedicated bot user, not a personal API key, for any shared / production agent. Add the bot only to the teams it should access. Pair destructive tools (create / move / assign) with host-level approval gates.

Maintainer: corp

Maintained by the Linear team.

Licence: MIT
Code review: yes
Secrets handling: scoped

API key via env. Server doesn't log or persist.

Sandbox: process
Filesystem access: none
Shell access: no
Network egress: allow-list

api.linear.app only.

OAuth handling: broad

Personal API keys inherit user permissions across all team memberships. OAuth bot integrations scope per-workspace and are preferred for shared agents.

Default permissions: broad

Personal keys: whatever the user can see. Dedicated bot user: scoped to the bot's team membership. Use the latter for shared agents.

Prompt-injection exposure: high

Issue bodies, comments and descriptions are full of user-authored content. Hostile content from any team member or external commenter can attempt to redirect the agent. Treat all tool output as untrusted.

Supply chain surface: low

MCP SDK + Linear's official @linear/sdk.

Dep CVE surface: clean
Rate-limit risk: medium

Linear API rate limits (1500 req / hour for read, lower for write). Bursty agents hit ceilings faster than steady use.

Signed releases: yes

npm package with provenance attestations.

Security policy: yes
Telemetry: none
Data residency: cloud

Linear's infrastructure (US primarily; EU region for EU customers).

Credential storage: memory
DESTRUCTIVE TOOLS

7 present · human approval optional

  • create_issue
  • update_issue
  • add_comment
  • assign_issue
  • delete_issue
  • archive_issue
  • move_issue

NOT A FORMAL SECURITY AUDIT · Adoption posture based on public-source review · See methodology for what's measured and what isn't