ClawHub

jira-auto-analyze

Security checks across malware telemetry and agentic risk

Overview

This is a coherent JIRA ticket automation skill, but it embeds real-looking JIRA credentials and can modify live tickets, so it needs careful review before use.

Install only after removing and rotating the embedded JIRA password, replacing credentials with a secure per-user or least-privilege service account secret, and confirming the exact filter and assignment rules. Run dry-run first, avoid the debug login/screenshot scripts, and do not schedule live runs until monitoring, rollback, and authorization are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (32)

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The documentation claims execution requires confirmation, but elsewhere describes automatic processing and direct ticket modification. This inconsistency can cause operators to assume a human approval step exists when the workflow may autonomously change live JIRA data.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script opens the JIRA configuration file and prints sensitive operational details such as the username, password length, server URL, and assignment rules. Even though it does not print the full password, exposing credential-related metadata and internal routing information is unnecessary for a structure check and can aid reconnaissance or leak private configuration through logs, terminals, or screenshots.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The configuration hardcodes a JIRA username and password in plaintext, which is a real secret exposure issue regardless of the skill's intended automation purpose. Anyone with access to the skill files can reuse these credentials to access JIRA, read or modify tickets, impersonate the automation account, and potentially pivot further depending on that account's permissions.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The usage guide includes a concrete JIRA username and password in plaintext. Exposing live-looking credentials in documentation is dangerous because readers, downstream tooling, or anyone with repository access can reuse them to access the ticketing system, and the skill’s purpose does not require publishing secrets inline.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The guide presents the default command as performing real processing directly, while later claiming actual changes require confirmation. This mismatch can cause operators or an agent wrapper to execute state-changing actions against JIRA without an explicit safety gate, leading to unintended reassignment or comments on live tickets.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script goes beyond passive analysis and actively performs an automated login attempt by filling a hard-coded username and password, then clicking submit. In the context of a JIRA ticket-analysis skill, this is out-of-scope behavior that introduces unauthorized access risk, credential misuse, and unintended interaction with a production system.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This file implements credential-driven browser automation against a live JIRA instance, which is unrelated to the stated business function of analyzing ticket contents and routing work items. Such embedded login automation expands the skill's capabilities into account access and system interaction, increasing the risk of misuse, lateral movement, and accidental actions in production.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The docstring understates the behavior as login debugging, while the implementation actually injects fixed credentials and attempts authentication. This mismatch is dangerous because reviewers or operators may underestimate the script's power and run it without realizing it performs sensitive actions against a real service.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The demo prints live JIRA configuration metadata such as the server URL, username, filter ID, rejection message, and password length. Even without revealing the full password, exposing credential-adjacent and environment details increases information disclosure risk, especially in logs, screenshots, CI output, or shared terminals. In the context of an automation skill that operates against production-like JIRA tickets, this makes reconnaissance and account targeting easier.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script embeds default JIRA credentials directly in code and uses them for automated login. Hardcoded secrets are highly dangerous because they can be extracted from source control, logs, backups, or redistributed skill packages, enabling unauthorized access to the JIRA instance and any data/actions that account can reach. In this context the risk is increased because the skill does not merely read tickets; it can comment on and reassign them, so compromise of the credentials enables active workflow manipulation.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The browser is launched with an argument specifically intended to reduce automation detectability. While not an exploit by itself, anti-detection behavior is unnecessary for a legitimate internal JIRA triage task and is risky because it bypasses platform safeguards, makes automation harder to audit, and signals an attempt to conceal scripted access from defenses or monitoring. The skill context makes this more suspicious because normal enterprise workflow automation should use approved APIs or clearly identified automation accounts.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script auto-generates a configuration file containing a hardcoded JIRA username and plaintext password. Embedding real-looking credentials in code and writing them to disk creates immediate credential exposure risk, can lead to unauthorized access if valid, and normalizes insecure secret handling in an automation skill that will likely run on shared systems.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The installer persists operational rules, reply templates, and especially JIRA credentials into a local config file. While storing rules is not inherently unsafe, persisting access credentials in plaintext broadens the skill's trust boundary and creates a durable local secret that can be read, copied, or accidentally committed.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script captures and stores a screenshot of the JIRA page to /tmp, which can include ticket contents, usernames, internal metadata, or other sensitive business information unrelated to the minimum task of checking required fields and assigning owners. Even if intended for debugging, persistent capture of UI data expands data exposure and creates an unnecessary collection channel.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The script enumerates input fields and logs identifiers such as type, id, and name from the JIRA login page. While this may be for debugging, it exceeds the stated business purpose and can aid reconnaissance of authentication forms or internal application structure if logs are exposed.

Context-Inappropriate Capability

Low
Confidence
94% confidence
Finding
The initialization test loads a credential-bearing config file and prints operational details including the JIRA URL, username, password length, and assignment rules. Even though the password itself is masked, unnecessarily reading and displaying sensitive configuration in a test script increases the chance of credential exposure through logs, screenshots, terminal history, or CI output, and this behavior is not required for basic ticket-analysis validation.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The installation guide includes what appear to be real JIRA credentials directly in example configuration and environment variable snippets. Even in documentation, publishing usable secrets or realistic-looking credentials encourages copy/paste reuse, risks credential leakage into shells, logs, screenshots, and version control, and can directly expose a live system if the credentials are valid.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The guide recommends cron-based unattended execution of a script that performs real JIRA modifications, but it does not clearly warn that comments and assignee changes will happen automatically. In an automation skill that edits production tickets, silent scheduling increases the chance of unintended bulk changes, misassignment, and operational disruption if rules are wrong or credentials are compromised.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The uninstall instructions include a recursive delete command targeting the skill directory without a clear warning that local files, logs, and configuration will be permanently removed. While the path is relatively narrow, copy/paste execution of destructive commands in install docs can still cause accidental data loss, especially if users edit the path incorrectly.

Missing User Warnings

High
Confidence
99% confidence
Finding
The README includes what appear to be real JIRA credentials in plaintext (`username` and `password`) inside a configuration example, with no masking or warning. Publishing usable credentials in documentation can directly enable unauthorized access to the JIRA system, especially because this skill is explicitly designed to read and modify live tickets.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README documents a live execution mode that will automatically modify JIRA tickets, but it does not present a prominent warning about production-impacting changes before showing the command. In this skill's context, automated reassignment and auto-reply actions affect real workflow data, so unclear safety messaging increases the chance of accidental unauthorized or disruptive changes.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough to match ordinary user requests about ticket handling, increasing the chance that the skill auto-loads in contexts where the user did not intend live JIRA automation. In this skill's context, accidental activation is more dangerous because the skill is documented to perform authenticated actions and modify production tickets.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill states it loads when users mention related keywords, but does not define exact activation boundaries. Ambiguous activation increases the risk of unintended execution of browser automation and ticket updates based on casual conversation or loosely related requests.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This code reads credential-bearing configuration and emits portions of it to stdout without user consent, warning, or access controls. In shared environments, CI logs, shell history captures, screen recordings, or support bundles could expose internal account names and confirm the existence and shape of secrets, increasing the chance of targeted abuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document instructs the agent to log into an internal JIRA instance using a specific named account, but provides no guardrails around credential sourcing, authorization, secret storage, or confirmation that the operator is permitted to automate actions with that identity. In the context of an auto-processing skill that can comment on and reassign live tickets, this creates a real risk of unauthorized account use, privilege misuse, and accidental exposure or hardcoding of credentials in downstream implementations.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal