Maverick Confluence Mcp
PassAudited by ClawScan on May 13, 2026.
Overview
This skill is a coherent Confluence MCP connector, but it needs OAuth credentials and can act on Confluence content with the connected user's permissions.
This appears safe to install if you intend to connect OpenClaw to Confluence through Atlassian Rovo MCP. Before using it, confirm the Atlassian account and scopes are appropriate, protect the local mcporter credential vault, and approve any content-changing Confluence action explicitly.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the connected Atlassian account and maintain local OAuth state for future calls.
The script seeds OAuth access and refresh tokens into mcporter's credential vault so the MCP client can authenticate to Atlassian.
tokens: {access_token: env.mcp_access, refresh_token: env.mcp_refresh, token_type: "Bearer"}Use a dedicated, appropriately scoped Atlassian authorization where possible, protect the local mcporter credential vault, and revoke the integration if it is no longer needed.
If used carelessly, the agent could create, edit, publish, or comment on Confluence content as the connected user.
The skill explicitly acknowledges that the hosted MCP tools may perform content-changing actions with the user's Confluence permissions.
Tools that create, update, publish, comment on, or otherwise mutate Confluence content should only be invoked after clear user intent.
Require clear user confirmation before any Confluence write, publish, comment, or other mutating action.
The agent may adapt its behavior based on instructions returned by the Atlassian MCP server.
The skill directs the agent to rely on instructions returned by the hosted MCP server. This is expected for MCP discovery, but remote instructions should not override the user's intent or platform safety rules.
The output includes the server's `Instructions:` field (read it) ... Treat this as the authoritative reference for the rest of the session.
Follow the MCP server's tool documentation only within the user's requested Confluence task and do not let remote instructions override user approval requirements.
The installed behavior depends partly on the mcporter package obtained at install time.
The skill depends on an external Node package to provide the mcporter binary. This is purpose-aligned, but the provided install spec does not pin a package version.
node | package: mcporter | creates binaries: mcporter
Install from a trusted registry/source and prefer a pinned or reviewed mcporter version in controlled environments.