Skillv1.0.1

ClawScan security

Jira Expert.Old · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 25, 2026, 8:36 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files and runtime instructions are coherent with a Jira configuration/help tool; nothing in the package indicates hidden exfiltration or unrelated privileged access—but there are a few practical gaps and provenance risks you should review before use.
Guidance: This package looks like a coherent Jira guidance and utility skill, but take these precautions before installing or running it: - Source and provenance: the skill has no homepage and an unknown owner. If you plan to use it in production, prefer packages with known authors or inspect the full source code locally. - CLI dependency: SKILL.md uses an external 'mcp jira' CLI; verify what that tool is, where it comes from, and that it is already installed and configured on your system before allowing the agent to run those commands. - Credentials & least privilege: actual Jira operations and integrations (Slack, GitHub, Confluence, webhooks) require API tokens. Do not provide org-wide admin credentials. Use scoped personal access tokens or service accounts with minimal permissions, and rotate/revoke them as appropriate. - Review the included scripts locally: the two Python scripts (jql_query_builder.py and workflow_validator.py) appear to be self-contained utilities. Inspect the full files (the listing above was truncated) to confirm they contain no network calls or unexpected behavior before executing them. Run them in a sandbox or non-production environment first. - Test in a sandbox: follow the skill's own best practice—test automation rules and workflow changes in a test project/sandbox before applying to production. If you want a tighter assessment, provide the complete, untruncated source for the two Python scripts and indicate whether the agent will be allowed to execute commands (autonomous execution) or only provide advisory output; that information would raise or lower confidence.

Review Dimensions

Purpose & Capability: noteName, description, and included files (JQL builder, workflow validator, automation/workflow/JQL references) align with a Jira expert skill. One mismatch: SKILL.md examples call a CLI named 'mcp jira' to create projects and run searches, but the skill does not declare or install that CLI nor request Jira credentials—this is plausible if the skill only provides guidance, but it means the skill assumes the environment already has an external tool configured.
Instruction Scope: noteSKILL.md is largely documentation and actionable examples for Jira operations, JQL, workflows, and automation. It includes example commands that run an external CLI and examples of webhooks/integrations (Slack, GitHub, Confluence). The instructions do not tell the agent to read unrelated system files or export data to unknown endpoints. However, the examples assume integrations/webhooks and external tooling are configured; the skill does not instruct how to obtain or safely store those credentials.
Install Mechanism: okNo install spec and no archive downloads are present (instruction-only + two Python helper scripts). This minimizes the risk of arbitrary code being pulled at install time. The included scripts are plain Python and appear to be local utilities rather than installers.
Credentials: noteThe skill declares no required environment variables or credentials, which means it is not requesting secrets it doesn't need. At the same time, practical use (calling Jira APIs, sending Slack/GitHub webhooks, running the example 'mcp jira' CLI) normally requires tokens/credentials; the absence of any declared credential requirements is a potential oversight rather than a direct red flag. There are no environment-access patterns in SKILL.md or the visible scripts that attempt to read arbitrary secrets.
Persistence & Privilege: okThe skill does not request always:true and is user-invocable; it does not modify other skills or system-wide settings. It appears to be a non-persistent helper (documentation + local scripts) and therefore has low privilege footprint.