JIRA
Pass
Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: jira
Version: 1.3.3
The skill is classified as suspicious due to its extensive use of shell command execution and direct network calls involving sensitive credentials, which present significant prompt injection vulnerabilities. Specifically, `SKILL.md` and `references/commands.md` instruct the agent to execute various `jira` CLI commands, often leveraging shell features like command substitution (`$(jira me)`) and temporary file creation (`cat > /tmp/jira_body.md`). Furthermore, `references/mcp.md` includes a `curl` command that directly uses `JIRA_USER`, `JIRA_API_TOKEN`, and `JIRA_BASE_URL` environment variables for API interaction. While these actions are intended for legitimate Jira operations, the broad access to shell and network with credentials creates a high-risk attack surface if the agent's instructions are subverted.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approved actions can change Jira tickets and notify coworkers or watchers.
The skill exposes Jira operations that can create, update, transition, assign, or comment on tickets. This is expected for the skill, and the same file instructs the agent to show commands and get approval before modifications.
Create issue | `jira issue create -tType -s"Summary" -b"Description"` ... Move/transition | `jira issue move ISSUE-KEY "State"` ... Add comment | `jira issue comment add ISSUE-KEY -b"Comment text"`
Review each proposed Jira command or MCP call before approving, especially transitions, assignments, comments, sprint changes, and any bulk operation.
The skill can act with whatever Jira permissions are available to the configured CLI, MCP connection, or API token.
The skill may use Jira API credentials for REST/curl fallback and also supports Jira CLI or Atlassian MCP backends that rely on the user's configured Jira identity.
"JIRA_API_TOKEN" ... "Needed for REST/curl fallback"; "JIRA_USER" ...; "JIRA_BASE_URL" ...
Use a Jira account or API token with only the permissions you are comfortable granting, and confirm the target Jira instance before running write operations.
Your Jira access depends on the externally installed jira CLI or the configured MCP service.
The skill is instruction-only and does not auto-install code, but its recommended setup depends on an external CLI installation and local initialization.
brew install ankitpokhrel/jira-cli/jira-cli
jira init
Install the jira CLI only from its trusted source, keep it updated, and verify the MCP service configuration before connecting Jira credentials.
Jira issue contents and updates may pass through the configured Atlassian MCP tool connection.
The skill can route Jira reads and writes through Atlassian MCP tools. This is disclosed and purpose-aligned, but users should understand that Jira data and actions are mediated through the configured MCP connection.
If no CLI, check for Atlassian MCP:
→ Look for mcp__atlassian__* tools
→ If available: USE MCP BACKEND
Use only a trusted Atlassian MCP configuration and verify which Jira workspace/account it is connected to.
