Atlassian MCP (Jira, Confluence)
Audited by ClawScan on May 10, 2026.
Overview
This is a plausible Atlassian MCP wrapper, but it gives an unpinned Docker container your Jira token and exposes Jira management actions without clear scope or approval guardrails.
Review before installing. Only use this if you trust the Docker image source, preferably pin the image to a specific digest, and provide a dedicated least-privilege Atlassian token. Treat create, update, delete, and project-management actions as high-impact and require explicit approval before the agent performs them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Jira mutation actions without scope or approval guardrails
Impact: A mistaken or hijacked agent workflow could create or change Jira work items or projects under your account.
Details: This exposes Jira management and mutation workflows to the agent, but the artifacts do not define project limits, read-only operation, human confirmation, or rollback behavior.
Evidence (from SKILL.md): Reference the container as an MCP source in your Clawdbot config to query issues, create tasks, or manage Jira directly from your agent.
Recommendation: Use least-privilege, project-limited credentials where possible and require explicit user confirmation before create, update, delete, or project-management actions.

Finding 2: Unpinned remote Docker image receives the Jira token
Impact: If the remote image changes or is compromised, it could use the supplied Jira token with the permissions of that token.
Details: The skill pulls an unpinned remote Docker image and passes a Jira API token into it; the image implementation is not included in the reviewed artifacts.
Evidence (from the install spec): docker pull ghcr.io/sooperset/mcp-atlassian:latest ... JIRA_API_TOKEN=your_api_token ... ghcr.io/sooperset/mcp-atlassian:latest
Recommendation: Pin the Docker image to a trusted version or digest, verify the upstream project, review or build the image yourself if possible, and rotate the token if you later distrust the image.

Finding 3: Account credentials passed into the container
Impact: Actions taken through the MCP server can operate as the Jira user associated with the token.
Details: The script intentionally passes Jira account credentials to the MCP container. This is expected for the integration, but the token may carry broad account permissions.
Evidence (from the install script):
  -e JIRA_USERNAME="$JIRA_USERNAME" \
  -e JIRA_API_TOKEN="$JIRA_API_TOKEN" \
Recommendation: Use a dedicated service account or least-privilege token rather than a personal or admin token, and restrict Jira permissions to the projects and actions needed.

Finding 4: Atlassian content flows into the agent context
Impact: Private Atlassian issue or page content may be visible in the agent session and any downstream outputs the user requests.
Details: Jira or Confluence data returned by the MCP tools will be made available to the agent context. This is purpose-aligned, but it is a sensitive data flow users should understand.
Evidence (from SKILL.md): Once running, the MCP server exposes Jira tools for use.
Recommendation: Connect only workspaces and projects you are comfortable exposing to the agent, and avoid asking the agent to share sensitive ticket or page contents outside approved channels.
