Jules API
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Google Jules API wrapper, but it can start autonomous coding work on connected GitHub repositories and its helper script defaults to running without plan approval.
Install only if you are comfortable giving the agent access to a Jules API key connected to your GitHub repositories. Prefer requiring plan approval, avoid automatic PR creation unless specifically desired, and review the exact repository, branch, and task before creating a session.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad task could cause Jules to make repository changes or create pull requests before the user has reviewed a plan.
The script defaults new coding sessions to no plan approval and supports automatic PR creation, giving the agent a high-impact action path on connected GitHub repositories unless the user deliberately opts into approval.
echo " --approve: require plan approval (default: auto-approve)" ... REQUIRE_APPROVAL="false" ... --auto-pr) AUTOMATION_MODE="AUTO_CREATE_PR"
Default to requiring plan approval, use --auto-pr only after explicit user confirmation, and restrict invocations to a specific repository, branch, and task description chosen by the user.
Anyone or any agent with access to this API key could interact with the user’s Jules sessions and connected repositories within the key’s permissions.
The skill clearly uses a Jules API key and that key enables actions tied to the user’s Jules account and connected GitHub repositories. This is expected for the stated purpose, but it is sensitive account authority.
**Auth:** Pass your API key via the `x-goog-api-key` header. ... Jules can autonomously execute coding tasks on your GitHub repositories
Use a dedicated Jules API key if possible, keep it out of logs and shared prompts, and revoke or rotate it if the skill is no longer needed.
A Jules session may keep working remotely until completion, failure, deletion, or user intervention.
The skill intentionally launches work performed by an external autonomous coding agent. This is disclosed and purpose-aligned, but remote sessions may continue after the local command returns.
Jules can autonomously execute coding tasks on your GitHub repositories — writing code, fixing bugs, adding tests, and creating pull requests.
Monitor sessions after creation, require plan approval for non-trivial tasks, and delete or pause sessions that are no longer wanted.