Jira OpenClaw
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real Jira connector, but it can give OpenClaw a broad and recurring ability to change Jira tickets, so it needs review before use.
Install only if you intentionally want OpenClaw to access and possibly modify Jira. Use a dedicated least-privilege Jira token, verify pastewatch redaction, add endpoint/action allowlists, require approval for write operations, and be especially careful before enabling the scheduled cron workflows.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could modify Jira issues, links, statuses, or fields using the user's Jira permissions if prompted incorrectly or if a workflow is too broad.
The helper accepts an arbitrary HTTP method, endpoint, and request body, so an agent using it is not limited to safe Jira reads; the same document shows POST/PUT examples for transitions, field updates, and issue links.
METHOD="${1:?Usage: jira.sh <METHOD> <endpoint> [body]}" ... curl -s --http1.1 -X "$METHOD" ... -d "$BODY" "$URL"
Use an endpoint allowlist such as chainwatch, require explicit approval for POST/PUT/DELETE actions, prefer dry-run previews, and log all Jira changes.
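A policy wrapper along these lines, as an added example that is not the skill's own jira.sh: the endpoint allowlist, the JIRA_* variable names and the audit-log path are assumptions, and the curl invocation mirrors the helper quoted above.

```shell
#!/bin/sh
# Policy wrapper for the jira.sh pattern reviewed above (added example, not the
# skill's own script). Only allowlisted endpoint prefixes pass, write methods
# need JIRA_APPROVE_WRITE=1, every attempt is appended to an audit log, and
# calls are dry-run unless JIRA_DRY_RUN=0. All env var names are assumptions.

# Constructed allowlist: read-only search plus per-issue endpoints.
JIRA_ALLOWED_PREFIXES="/rest/api/3/search /rest/api/3/issue/"

# jira_guard METHOD ENDPOINT: returns 0 if the call passes policy, 1 otherwise.
jira_guard() {
  method=$1; endpoint=$2
  case "$endpoint" in
    /rest/api/*) ;;                               # must stay under the REST root
    *) echo "blocked: endpoint outside /rest/api/: $endpoint" >&2; return 1 ;;
  esac
  case "$endpoint" in
    *..*|*[[:space:]]*) echo "blocked: malformed endpoint" >&2; return 1 ;;
  esac
  allowed=1
  for p in $JIRA_ALLOWED_PREFIXES; do
    case "$endpoint" in "$p"*) allowed=0 ;; esac
  done
  [ "$allowed" -eq 0 ] || { echo "blocked: not allowlisted: $endpoint" >&2; return 1; }
  case "$method" in
    GET) return 0 ;;                               # reads need no approval
    POST|PUT|DELETE)                               # writes need explicit opt-in
      [ "${JIRA_APPROVE_WRITE:-0}" = "1" ] && return 0
      echo "blocked: $method needs JIRA_APPROVE_WRITE=1" >&2; return 1 ;;
    *) echo "blocked: method not permitted: $method" >&2; return 1 ;;
  esac
}

# jira_call METHOD ENDPOINT [BODY]: audit, then run (or preview) the curl call.
jira_call() {
  method=$1; endpoint=$2; body=${3:-}
  jira_guard "$method" "$endpoint" || return 1
  printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$method" "$endpoint" \
    >> "${JIRA_AUDIT_LOG:-./jira-audit.log}"
  if [ "${JIRA_DRY_RUN:-1}" = "1" ]; then
    printf 'DRY-RUN: %s %s%s\n' "$method" "${JIRA_BASE_URL:-https://example.atlassian.net}" "$endpoint"
    return 0
  fi
  curl -s --http1.1 -X "$method" -H "Content-Type: application/json" \
    -u "${JIRA_EMAIL}:${JIRA_TOKEN}" ${body:+-d "$body"} "${JIRA_BASE_URL}${endpoint}"
}
```

Because the default is dry-run, an agent that calls `jira_call PUT /rest/api/3/issue/ABC-1 '{...}'` without JIRA_APPROVE_WRITE=1 gets a refusal on stderr and a log entry, which is the approval-plus-audit behaviour the recommendation asks for.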
The agent may inherit broad Jira account permissions, which could affect sensitive business tickets if the token is over-privileged.
The skill instructs users to store a Jira API token/PAT and use it for Basic auth, but does not specify least-privilege scopes, a dedicated service account, or project/action limits.
JIRA_TOKEN=<your-api-token-or-pat> ... JIRA_EMAIL=your@email.com ... curl ... -u "${JIRA_EMAIL}:${JIRA_TOKEN}"
Use a dedicated low-privilege Jira account or narrowly scoped token, avoid admin tokens, rotate credentials, and restrict the projects/actions the agent can access.
Jira tickets could continue changing on a schedule after setup, which may surprise users or teams if the JQL filters are wrong or the automation is no longer desired.
The documented workflows create recurring autonomous agent jobs that can mutate Jira data, including linking tasks and changing due dates.
Schedule as OpenClaw cron: `isolated` session, `agentTurn`, Mon-Fri at start of day ... Checks end-of-day for unresolved tickets due today, bumps +1 day
Make cron setup explicitly opt-in, narrow the JQL filters, add notifications or approval before each write, and provide a clear way to pause or remove the jobs.
If pastewatch is not correctly installed and running, a user may over-trust the secret-safety claim and accidentally expose Jira credentials to the agent context.
The safety claim depends on an external pastewatch MCP setup; the skill is instruction-only and does not itself enforce that redaction is active.
Secrets never reach the LLM — pastewatch redacts credentials in transit.
Verify pastewatch is installed, running, and redacting before using the token; do not ask the agent to print or inspect the secret file.
The skill may not work as described, or may run without the intended redaction/guardrail tooling, unless the user manually verifies the environment.
The registry does not enforce the external tools and helper script described in SKILL.md, so dependency setup and provenance are left to the user.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Declare required tools in metadata, document trusted installation sources, and verify pastewatch/curl/python3 before enabling Jira access.
