Jiraandconfluence Skill

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a straightforward Atlassian reader skill, but users should review its API-token handling, placeholder domain setup, and optional write capability before use.

This skill is reasonable for reading Jira and Confluence data, but configure it carefully: replace the placeholder Atlassian domain, use read-only least-privilege API tokens, avoid granting write scopes unless you truly need comment posting, and confirm any write action before allowing the agent to perform it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If write-scoped tokens are used, the agent could be guided to post comments to work systems rather than only read from them.

Why it was flagged

Posting comments can mutate Jira or Confluence content. It is disclosed and described as optional, but it is broader than the skill's retrieval-and-summary framing.

Skill content

`POST /comment` – add comments to tickets or pages (optional).

Recommendation

Use read-only tokens unless you explicitly need commenting, and require clear user approval before any write action.

What this means

Users may expose more Atlassian account authority to the skill environment than is necessary for a specific task.

Why it was flagged

The helper requires both Jira and Confluence tokens to be present, even though a single read command may only need one service's token.

Skill content

`if [[ -z "${JIRA_API_TOKEN}" || -z "${CONFLUENCE_API_TOKEN}" ]]; then`

Recommendation

Use least-privilege, read-only tokens and consider changing the helper so Jira commands require only Jira credentials and Confluence commands require only Confluence credentials.

What this means

Installation or first use may be less predictable because required local tools and credentials are not declared in the registry metadata.

Why it was flagged

The metadata under-declares runtime needs compared with the artifacts, which use API-token environment variables and shell commands such as curl and jq.

Skill content

Required binaries (all must exist): none ... Required env vars: none ... Primary credential: none

Recommendation

Verify that curl and jq are installed, configure the Atlassian domain and tokens deliberately, and prefer metadata that accurately declares required credentials and tools.