Atlassian MCP (Jira, Confluence)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Atlassian MCP helper, but it gives a third-party Docker container and an agent broad access to Jira credentials and Jira-changing actions without enough guardrails.

Install only if you trust the upstream Docker image and are comfortable exposing selected Jira or Confluence data to an agent. Prefer a dedicated least-privilege Atlassian account or token, pin the Docker image to a reviewed version or digest, avoid putting tokens directly in shell history, and require explicit approval before any Jira create, update, delete, or project-management action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation instructs users to supply a Jira API token via environment variables and shell invocation without any warning about credential exposure. Environment variables can be leaked through shell history, process inspection, CI logs, crash dumps, or inherited subprocess environments, so normalizing this pattern in a skill increases the chance of accidental secret disclosure.

VirusTotal

63/63 vendors flagged this skill as clean.
