Atlassian MCP (Jira, Confluence)
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: atlassian-mcp Version: 1.0.0 The skill bundle is designed to run a Docker container for Atlassian integration, requiring Jira API credentials. The `SKILL.md` and `scripts/run_mcp_atlassian.sh` clearly define this purpose. The script passes sensitive `JIRA_API_TOKEN` as an environment variable to the Docker container but avoids echoing it to stdout, and uses `docker run --rm` to prevent persistence. There is no evidence of prompt injection, data exfiltration from the host system, or other malicious activities within the analyzed files. The behavior is consistent with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or hijacked agent workflow could create or change Jira work items or projects under your account.
This exposes Jira management and mutation workflows to the agent, but the artifacts do not define project limits, read-only operation, human confirmation, or rollback behavior.
Reference the container as an MCP source in your Clawdbot config to query issues, create tasks, or manage Jira directly from your agent.
Use least-privilege, project-limited credentials where possible and require explicit user confirmation before create, update, delete, or project-management actions.
If the remote image changes or is compromised, it could use the supplied Jira token with the permissions of that token.
The skill pulls an unpinned remote Docker image and passes a Jira API token into it; the image implementation is not included in the reviewed artifacts.
docker pull ghcr.io/sooperset/mcp-atlassian:latest ... JIRA_API_TOKEN=your_api_token ... ghcr.io/sooperset/mcp-atlassian:latest
Pin the Docker image to a trusted version or digest, verify the upstream project, review or build the image yourself if possible, and rotate the token if you later distrust the image.
Actions taken through the MCP server can operate as the Jira user associated with the token.
The script intentionally passes Jira account credentials to the MCP container. This is expected for the integration, but the token may carry broad account permissions.
-e JIRA_USERNAME="$JIRA_USERNAME" \ -e JIRA_API_TOKEN="$JIRA_API_TOKEN" \
Use a dedicated service account or least-privilege token rather than a personal or admin token, and restrict Jira permissions to the projects and actions needed.
Private Atlassian issue or page content may be visible in the agent session and any downstream outputs the user requests.
Jira or Confluence data returned by the MCP tools will be made available to the agent context. This is purpose-aligned, but it is a sensitive data flow users should understand.
Once running, the MCP server exposes Jira tools for use.
Connect only workspaces and projects you are comfortable exposing to the agent, and avoid asking the agent to share sensitive ticket or page contents outside approved channels.