Confluence
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: confluence
Version: 1.1.0
The OpenClaw skill bundle for Confluence is benign. It provides instructions and commands for interacting with Confluence via the `confluence-cli` tool. All operations, including installation via `npm install -g confluence-cli`, configuration, and page management (read, create, update, export), are standard for a CLI tool and directly align with its stated purpose. There is no evidence of prompt injection against the agent, data exfiltration, malicious execution patterns, persistence mechanisms, or obfuscation. The skill appropriately handles API tokens through the legitimate `confluence init` command and stores configuration locally at `~/.confluence-cli/config.json`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the configured CLI can access Confluence according to the token/account permissions.
The skill requires the user to provide an Atlassian API token so the CLI can act against Confluence with that account's permissions.
**API token**: Paste the token from Step 2
Use the least-privileged token available, keep it private, and revoke it if the skill or local machine is no longer trusted.
A mistaken command could create an unwanted page or overwrite content in a Confluence space.
The skill documents Confluence page creation and update commands, which are purpose-aligned but can change shared workspace content.
confluence create "Page Title" SPACEKEY --body "Page content here"
...
confluence update <page-id> --body "Updated content"
Review the target space, page ID, and proposed content before allowing create or update operations.
Installing the package changes the local environment and trusts the npm package maintainer.
The skill depends on installing an external npm CLI globally; this is central to the skill's purpose but relies on the upstream package provenance.
npm install -g confluence-cli
Confirm the package and homepage are the expected confluence-cli project before installing, and prefer a vetted or pinned version where possible.
