Security Review agent claims it cannot create Linear tasks but it definitely can

Not sure if this is a bug report or something I am doing wrong. I configured Security Review agent (the new feature that just rolled out) and my custom prompt instructions specifically ask the agent to create a Linear ticket for each finding.

When it runs, the output that arrives in Slack reads:

“(contents of report) Note: Linear MCP requires authentication — unable to create Linear tasks automatically. Please add findings to DEV board manually or authenticate Linear in Cursor Dashboard.”

Linear is configured as an MCP tool both in my Team level (Integrations & MCP teamwide) and also specifically for the Security Review agent (the configuration that appears under MCPs in the Security Review editor). I think either I am doing something wrong- or else the Security Agent isn’t self aware enough to know what tools it has access to?

You’re not doing anything wrong. This is a known bug — Linear MCP authentication doesn’t currently work in automations (including Security Review). The OAuth redirect URI used by automations isn’t accepted by Linear’s authorization server, so the Linear MCP server enters an unauthenticated state at runtime. The agent then correctly reports that it can’t use those tools.

The same issue was reported in this thread, and our team is tracking the fix. Unfortunately, there’s no workaround for the native cursor.com/automations flow right now.

I’m merging this thread into the existing one so updates are in one place.

Thank you for your attention and for validating I wasn’t doing anything wrong