v0.2.5

Confluence CLI (confcli)

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:29 AM.

Analysis

The skill is purpose-aligned for Confluence work, but it asks users or agents to install an unreviewed remote shell script before using credentials that can modify or delete Confluence content.

Guidance: Review the installer source before using this skill. If you proceed, install confcli manually from a verified, pinned release where possible, configure Confluence credentials outside the chat, and require clear confirmation for any create, update, delete, upload, or copy-tree operation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
curl -fsSL https://raw.githubusercontent.com/hochej/confcli/main/install.sh | sh

The install instructions execute a remote script from the mutable main branch directly in the shell, while the artifact set includes no installer code, checksum, pinned revision, or install spec for review.

User impact: Installing it this way could run code from a source the registry artifacts do not verify before the user starts using Confluence credentials.
Recommendation: Verify the GitHub repository and installer manually, prefer a pinned release or package manager with checksums, and avoid letting an agent run the installer automatically.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Write operations (create, update, delete, purge, edit, label add/remove, attachment upload/delete, comment add/delete, copy-tree) require explicit user intent.

The skill exposes high-impact Confluence mutations, including deletion and bulk copy operations, but it also instructs that these require explicit user intent.

User impact: If approved, the agent could create, change, copy, upload to, or delete Confluence content in the authenticated account.
Recommendation: Use explicit approvals for every write or delete action, prefer dry runs for destructive commands, and confirm the target page or space before proceeding.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
SKILL.md
Set environment variables before starting the session: CONFLUENCE_DOMAIN, CONFLUENCE_EMAIL, CONFLUENCE_TOKEN (or CONFLUENCE_API_TOKEN)

The skill requires delegated Confluence account access through login or API-token configuration; this is expected for the stated purpose and it warns not to paste tokens into the conversation.

User impact: The CLI will act with the permissions of the configured Confluence user or token.
Recommendation: Use the least-privileged Confluence account or token available, rotate tokens if exposed, and do not paste secrets into chat.