ClawHub

Jira Ops

v1.0.0

Retrieve, analyze, and update Jira tickets directly. Supports MCP-based (recommended) and direct REST API approaches. Trigger phrases: fetch Jira ticket, upd...

0· 31·0 current·0 all-time
byDeonte Cooper@djc00p
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested environment variables (JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN) and the described capabilities (search, fetch, update, transition). Minor inconsistency: SKILL.md recommends installing an MCP client via the 'uvx' tool, but the skill metadata does not declare 'uvx' as a required binary or provide an install spec.
Instruction Scope
SKILL.md only instructs the agent to interact with Jira (via MCP tooling or direct REST API) and to use the declared environment variables. It does not ask the agent to read unrelated files, exfiltrate data to third parties, or access system paths outside the Jira integration context.
Install Mechanism
This is an instruction-only skill with no install spec or shipped code (lowest disk risk). It suggests using 'uvx' to install 'mcp-atlassian==0.21.0' but does not provide an install specification or provenance for that package; if you choose MCP, verify the uvx tool and package source before installing.
Credentials
The three required environment variables (JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN) are appropriate and expected for a Jira integration. They are sensitive credentials, so least-privilege token scopes and secret storage are advised (the SKILL.md already recommends not hardcoding tokens).
Persistence & Privilege
The skill does not request persistent system presence (always: false), does not modify other skills' configurations, and has no config-path requirements. It is user-invocable and may be called autonomously by the agent (platform default) but that is not unusual for skills.
Assessment
This skill appears to do what it says: read and update Jira issues. Before installing or enabling it, verify the following: 1) Only provide a Jira API token scoped with the minimum permissions needed (prefer read or limited write scopes), store it in a secrets manager or env var, and rotate it if exposed. 2) If you plan to use the MCP path, confirm you trust the 'uvx' tool and the 'mcp-atlassian' package source before installing—the SKILL.md recommends installation but the registry metadata does not declare uvx as a required binary. 3) Remember the agent (if allowed) can perform writes to your Jira project; consider restricting autonomous invocation or using a token with limited update rights for safer testing. 4) If you need higher assurance, request an install spec or package provenance from the publisher and test with a sandbox Jira project first.

Like a lobster shell, security has layers — review code before you run it.

latestvk977q4k042f2qrz0kdc753wmtn849wm9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎫 Clawdis
OSLinux · macOS · Windows
EnvJIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN

Comments