Jira
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: jira-api Version: 1.0.7 The skill bundle provides documentation and examples for interacting with Jira Cloud via the Maton API proxy (api.maton.ai). It uses managed OAuth and requires a MATON_API_KEY environment variable. The SKILL.md file contains standard Python and CLI examples for searching, creating, and managing Jira issues, and it explicitly instructs the agent to seek user approval for all write operations. No malicious code, obfuscation, or unauthorized data exfiltration patterns were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved or used carelessly, broad Jira API calls could change issues, projects, or workflow state.
The skill exposes a broad Jira native-API proxy rather than only narrowly scoped helper commands. This is useful for a Jira API skill, but it means the agent could reach many Jira REST endpoints within the connected account.
https://api.maton.ai/jira/{native-api-path}Use explicit user approval for all writes, prefer specific Jira commands when possible, and review raw API paths before execution.
The agent may access or modify Jira data allowed by the connected account and OAuth scopes.
The skill requires delegated Jira access and can perform account actions. This is expected for a Jira integration, but it is sensitive authority.
Access the Jira Cloud API with managed OAuth authentication. Search issues with JQL, create and manage issues, and automate workflows.
Connect only the intended Jira account, use least-privileged permissions where possible, specify the intended cloud ID/connection, and revoke connections when no longer needed.
Installing an external CLI adds code from outside this skill package to the user's environment.
The instruction-only skill documents optional installation of an external CLI package/tap. The commands are user-directed setup, not automatic execution, but users should verify the package source.
npm install -g @maton-ai/cli ... brew install maton-ai/cli/maton
Install the Maton CLI only from a trusted source, verify the package/tap, and keep it updated.
Jira data and actions pass through Maton's API service before reaching Atlassian.
Jira API traffic and OAuth-backed authorization flow through the Maton gateway. This is disclosed and central to the skill, but it requires trusting that provider with Jira requests and authorization handling.
Maton proxies requests to `api.atlassian.com` and automatically injects your OAuth token.
Use this skill only if you trust Maton's OAuth proxy, protect MATON_API_KEY, and avoid sharing generated OAuth/session URLs.