Clawhub Jira Pat Skill
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill bundle is designed for Jira management using Personal Access Tokens. While the `SKILL.md` provides legitimate instructions, the `scripts/jira-pat.sh` helper script contains multiple shell injection vulnerabilities. User-supplied arguments (e.g., issue keys, JQL queries) are interpolated directly into `curl` command URLs without proper sanitization, allowing arbitrary command execution if an attacker can control the input to these functions. This is a critical vulnerability, but there is no evidence of intentional malicious behavior such as data exfiltration or backdoor installation, so the skill bundle is classified as suspicious.
