Confluence
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a coherent Confluence CLI helper with disclosed setup and credentials, but users should notice that it can modify Confluence content and relies on an external npm CLI package.
Install this only if you trust the confluence-cli npm package and are comfortable giving it a Confluence API token. Before using write operations, check the page ID, space key, and content carefully, and revoke the token if you stop using the skill.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the configured CLI can access Confluence according to the token/account permissions.
The skill requires the user to provide an Atlassian API token so the CLI can act against Confluence with that account's permissions.
**API token**: Paste the token from Step 2
Use the least-privileged token available, keep it private, and revoke it if the skill or local machine is no longer trusted.
A mistaken command could create an unwanted page or overwrite content in a Confluence space.
The skill documents Confluence page creation and update commands, which are purpose-aligned but can change shared workspace content.
confluence create "Page Title" SPACEKEY --body "Page content here" ... confluence update <page-id> --body "Updated content"
Review the target space, page ID, and proposed content before allowing create or update operations.
Installing the package changes the local environment and trusts the npm package maintainer.
The skill depends on installing an external npm CLI globally; this is central to the skill's purpose but relies on the upstream package provenance.
npm install -g confluence-cli
Confirm the package and homepage are the expected confluence-cli project before installing, and prefer a vetted or pinned version where possible.