Jira
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it advertises for Jira, but it uses your Jira API token to make persistent issue and worklog changes.
Before installing, confirm you trust the skill source, inspect the full helper script if available, and configure a Jira API token with only the access needed. Use extra care with commands that create issues, change status, assign users, comment, or log work because those changes persist in Jira.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong issue, status, assignee, comment, or hours value, the skill can create inaccurate or unwanted Jira changes.
The script performs Jira write operations, including status transitions and worklog creation. This is consistent with the skill purpose, but it can modify shared business records.
resp=$(api POST "/rest/api/3/issue/${issue}/transitions" ...); resp=$(api POST "/rest/api/3/issue/${issue}/worklog" ...)Review commands that write to Jira before running them, especially status changes, assignments, comments, issue creation, and worklog entries.
Anyone or any agent process with access to these environment variables could act on Jira as the configured user.
The skill authenticates to Jira using the user's email and API token. This is expected for Jira Cloud, but it means actions are performed with that account's permissions.
AUTH_HEADER="Authorization: Basic $(printf '%s:%s' "$JIRA_EMAIL" "$JIRA_API_TOKEN" | base64)"
Use a token/account with the minimum necessary Jira permissions, protect the environment variables, and rotate the token if it may have been exposed.
It is harder to independently verify the origin or update history of the included helper script.
The skill's registry metadata does not identify a source repository or verified publisher provenance.
Source: unknown
Inspect the full script before use and prefer installing skills from sources or publishers you trust.