ClawHub
Back to skill

Security audit

Jiraandconfluence Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Jira and Confluence reader that needs Atlassian tokens, with minor hardening caveats but no evidence of hidden or malicious behavior.

Install only for agents that should access your Jira or Confluence data. Use least-privilege read-only Atlassian tokens by default, replace the placeholder domain carefully, avoid write-scoped tokens unless you truly need comment posting, and treat unusual issue keys or page references as untrusted input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.