ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Confluence CLI (confcli)

Interact with Confluence Cloud from the command line. Use when reading, creating, updating, or searching Confluence pages, managing attachments, labels, comments, or exporting content.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 784 · 2 current installs · 2 all-time installs
by@hochej
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The documented commands and capabilities (reading, creating, updating pages, attachments, labels, comments, exports) align with a Confluence CLI. Nothing in the instructions suggests functionality outside that purpose.
!
Instruction Scope
The runtime instructions direct the user/agent to run a remote install script (curl -fsSL https://raw.githubusercontent.com/hochej/confcli/main/install.sh | sh). The doc also references environment variables (CONFLUENCE_DOMAIN, CONFLUENCE_EMAIL, CONFLUENCE_TOKEN) and interactive operations. The instructions explicitly say not to ask users to paste tokens (good), but they do permit the agent or user to run potentially-destructive write commands — which the doc attempts to constrain by requiring explicit user intent. Overall the install instruction and env var use are scope concerns.
!
Install Mechanism
There is no declared install spec in the registry, but SKILL.md recommends piping a raw GitHub-hosted install script into sh. raw.githubusercontent.com is a common host for releases, but piping a remote script to sh is a high-risk pattern because it executes remote code without local inspection.
!
Credentials
The skill metadata declares no required environment variables or primary credential, yet SKILL.md expects CONFLUENCE_DOMAIN, CONFLUENCE_EMAIL, and CONFLUENCE_TOKEN / CONFLUENCE_API_TOKEN for authentication. Those variables are appropriate for a Confluence CLI, but their absence from the metadata is an inconsistency and a transparency issue.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not declare modifications to other skills or system-wide settings. Agent autonomous invocation is allowed by default, which is normal — there are no additional persistence/privilege requests in the manifest.
What to consider before installing
This skill appears to be a legitimate Confluence CLI, but two issues need your attention before installing: (1) SKILL.md expects CONFLUENCE_DOMAIN, CONFLUENCE_EMAIL, and CONFLUENCE_TOKEN environment variables but the skill metadata doesn't declare them — verify and provide credentials only via environment variables or interactive login as recommended; (2) the doc recommends running a remote install script by piping raw.githubusercontent.com content into sh — avoid blind curl|sh if you can. Instead: review the install script on the repository, download it and inspect it locally before executing, or install the CLI via a package manager or a verified release. If you plan to let an agent invoke this skill autonomously, do not give it your API token unless you trust the skill and have inspected the installer and behavior. Ask the skill author (or the registry) to update metadata to list the required env vars and to provide a vetted install mechanism or release URL.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.2.5
Download zip
latestvk9720sbx6wjytsha13qsz3ka0580sbmf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

confcli

CLI for Confluence Cloud.

Installation

Check if confcli is installed:

command -v confcli

If not installed, install via:

curl -fsSL https://raw.githubusercontent.com/hochej/confcli/main/install.sh | sh

To install a specific version or to a custom directory:

curl -fsSL https://raw.githubusercontent.com/hochej/confcli/main/install.sh | VERSION=0.2.3 sh
curl -fsSL https://raw.githubusercontent.com/hochej/confcli/main/install.sh | INSTALL_DIR=~/.bin sh

Authentication

Check auth status first:

confcli auth status

If not authenticated, ask the user to configure authentication. They can either:

  1. Run confcli auth login interactively in their own terminal, or
  2. Set environment variables before starting the session:
    • CONFLUENCE_DOMAIN — e.g. yourcompany.atlassian.net
    • CONFLUENCE_EMAIL
    • CONFLUENCE_TOKEN (or CONFLUENCE_API_TOKEN)

API tokens are generated at https://id.atlassian.com/manage-profile/security/api-tokens

Never ask the user to paste a token into the conversation. Tokens must be set via environment variables or confcli auth login.

Page References

Pages can be referenced by:

  • ID: 12345
  • URL: https://company.atlassian.net/wiki/spaces/MFS/pages/12345/Title
  • Space:Title: MFS:Overview

Important

Write operations (create, update, delete, purge, edit, label add/remove, attachment upload/delete, comment add/delete, copy-tree) require explicit user intent. Never perform these based on assumptions.

Use --dry-run to preview destructive operations without executing them.

Common Commands

# Spaces
confcli space list
confcli space get MFS
confcli space pages MFS --tree
confcli space create --key PROJ --name "Project" -o json --compact-json
confcli space delete MFS --yes

# Pages
confcli page list --space MFS --title "Overview"
confcli page get MFS:Overview                  # metadata (table)
confcli page get MFS:Overview --show-body      # include body in table output
confcli page get MFS:Overview -o json          # full JSON
confcli page body MFS:Overview                 # markdown content
confcli page body MFS:Overview --format storage
confcli page children MFS:Overview
confcli page children MFS:Overview --recursive
confcli page history MFS:Overview
confcli page open MFS:Overview                 # open in browser
confcli page edit MFS:Overview                 # edit in $EDITOR

# Search
confcli search "query"
confcli search "type=page AND title ~ Template"
confcli search "confluence" --space MFS

# Write
confcli page create --space MFS --title "Title" --body "<p>content</p>"
confcli page update MFS:Overview --body-file content.html
confcli page delete 12345

# Attachments
confcli attachment list MFS:Overview
confcli attachment upload MFS:Overview ./file.png ./other.pdf
confcli attachment download att12345 --dest file.png

# Labels
confcli label add MFS:Overview tag1 tag2 tag3
confcli label remove MFS:Overview tag1 tag2
confcli label pages "tag"

# Comments
confcli comment list MFS:Overview
confcli comment add MFS:Overview --body "LGTM"
confcli comment delete 123456

# Export
confcli export MFS:Overview --dest ./exports --format md

# Copy Tree
confcli copy-tree MFS:Overview MFS:TargetParent

Output Formats

Use -o flag: json, table, md

confcli space list -o json
confcli page get MFS:Overview -o json

Pagination

Add --all to fetch all results, -n to set limit:

confcli space list --all
confcli search "query" --all -n 100

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…