jira-issue-analyzer

Security checks across malware telemetry and agentic risk

Overview

This Jira analysis skill is broadly understandable and purpose-aligned, but its attachment handling can write files outside the intended folder if a Jira attachment has an unsafe name.

Install only if you are comfortable giving the skill a Jira token and letting it download Jira attachments locally. Use a least-privilege Jira token, keep the .env file out of source control, run it in an isolated working directory, and review or patch attachment filename and ZIP extraction handling before using it on tickets with untrusted attachments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill directs the agent to use environment-backed secrets (`JIRA_TOKEN`) and perform network operations against Jira, but it does not declare those capabilities or permissions. This reduces transparency and weakens policy enforcement, making it easier for an operator or downstream automation to invoke credentialed network actions without clear review.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The declared purpose says the skill orchestrates issue analysis and report generation, but the observed behavior includes broader Jira querying, connection testing that reveals current-user data, direct issue data printing, and standalone ZIP handling. This mismatch is dangerous because users and policy systems may approve the skill for a narrow reporting task while it can access, display, or process additional sensitive data beyond that expectation.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill instructs downloading attachments to `/tmp`, saving reports into the project tree, and later deleting temporary directories, but it provides no user-facing warning or confirmation about file writes and deletions. That can lead to unintended persistence of sensitive Jira data on disk or accidental deletion of files if paths are mishandled, especially when issue keys or directories are constructed dynamically.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to persist a Markdown report into a local project directory without any user confirmation, opt-in, or warning that local files will be created or overwritten. Even though writing a report is aligned with the skill’s purpose, implicit filesystem modification is still a real safety issue because it can alter the workspace, create unexpected artifacts, or overwrite existing analysis output.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This is a real vulnerability because attachment filenames from Jira are written directly to disk via `os.path.join(dest_dir, filename)` with no sanitization, validation, or user confirmation. A malicious or compromised Jira attachment could use path traversal sequences or unexpected names to overwrite files outside the intended directory, and the broader skill context makes this more dangerous because the skill is explicitly designed to fetch remote issue attachments and save them locally automatically.

VirusTotal

65/65 vendors flagged this skill as clean.
