Skill v1.0.1

ClawScan security

Jira OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Mar 20, 2026, 1:27 PM)
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it says (connect an OpenClaw agent to Jira Cloud) and its instructions are coherent, but there are a few metadata omissions and operational assumptions (pastewatch MCP) you should verify before installing.
Guidance
This skill is coherent for integrating OpenClaw with Jira, but check a few operational points before installing:

1) The SKILL.md requires pastewatch-cli, curl and python3, but the registry metadata did not declare these. Install and configure pastewatch-cli (MCP) if you rely on its redaction guarantees.
2) The instructions store credentials in ~/.openclaw/workspace/.secrets/jira.env (the guide creates the file with chmod 600). Consider a least-privilege PAT, a scoped API token, or a system secret manager if you prefer not to keep a plaintext file.
3) Verify that pastewatch is correctly deployed and actually redacts the outputs the agent might log or send; the claim "secrets never reach the LLM" depends on pastewatch working correctly.
4) Review cron schedules and agent permissions: automated jobs will be able to read the local secret file and act on Jira (e.g., bumping due dates).
5) If you want the registry manifest to fully reflect runtime needs, ask the publisher to add the required binaries to the metadata.

If you are unsure about pastewatch or about storing credentials in a file, do not enable scheduled/autonomous runs until you have enforced least privilege and verified the redaction controls.
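Points 2 and 3 above are things an operator can check mechanically before enabling cron jobs. The script below is an added example, not part of the skill's SKILL.md or of pastewatch: it refuses to use the secrets file unless it is owned by the current user with mode 600 inside a mode 700 directory, sources it in a subshell and confirms the expected variables are set, and provides a literal-match redaction filter you can run a captured log or agent output through to confirm the token value never appears. The variable names JIRA_BASE_URL, JIRA_EMAIL and JIRA_API_TOKEN are assumptions; the page only names the file path.

```shell
#!/bin/sh
# Added example: pre-flight checks for the local Jira secrets file described in the
# skill's guide. Not the skill's own helper script; variable names below are assumed.

JIRA_ENV="${JIRA_ENV:-$HOME/.openclaw/workspace/.secrets/jira.env}"

# file_mode PATH -> octal permission bits (GNU stat first, BSD/macOS stat as fallback)
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_jira_env FILE -> returns 0 if the file is safe to source, 1 otherwise
# (the reason is written to stderr). Mirrors the 700/600 layout the guide sets up.
check_jira_env() {
  f="$1"
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  [ -O "$f" ] || { echo "not owned by the current user: $f" >&2; return 1; }
  mode=$(file_mode "$f")
  [ "$mode" = "600" ] || { echo "expected mode 600, got $mode: $f" >&2; return 1; }
  dir=$(dirname "$f")
  dmode=$(file_mode "$dir")
  [ "$dmode" = "700" ] || { echo "expected directory mode 700, got $dmode: $dir" >&2; return 1; }
  # Source in a subshell so a malformed or hostile file cannot alter the caller's
  # environment; the subshell's exit status becomes the function's return value.
  (
    set -a; . "$f"; set +a
    for v in JIRA_BASE_URL JIRA_EMAIL JIRA_API_TOKEN; do   # assumed variable names
      eval val=\"\${$v:-}\"
      [ -n "$val" ] || { echo "unset in $f: $v" >&2; exit 1; }
    done
    case "$JIRA_BASE_URL" in
      https://*) ;;
      *) echo "JIRA_BASE_URL must use https (got $JIRA_BASE_URL)" >&2; exit 1 ;;
    esac
  )
}

# redact_token TOKEN < INPUT -> INPUT with every literal occurrence of TOKEN replaced.
# Literal matching via index() avoids treating token characters as regex metacharacters.
# Pipe captured cron/agent output through this to confirm the token is not present.
redact_token() {
  awk -v tok="$1" '{
    s = $0; out = ""
    while ((i = index(s, tok)) > 0) {
      out = out substr(s, 1, i - 1) "[REDACTED]"
      s = substr(s, i + length(tok))
    }
    print out s
  }'
}

# Usage: sh jira_env_check.sh --check   (non-zero exit means do not schedule cron jobs yet)
if [ "${1:-}" = "--check" ]; then
  check_jira_env "$JIRA_ENV" && echo "ok: $JIRA_ENV"
fi
```

Run the `--check` mode from the same account the cron jobs will use, since the ownership test is against the current user; a scheduled job running as a different user would either fail the check or, worse, imply the file is readable more widely than intended.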

Review Dimensions

Purpose & Capability
note: The SKILL.md and described features (credential setup, helper script, JQL patterns, cron jobs) match the name/description: this is a Jira integration. Minor metadata mismatch: the registry metadata declared no required binaries/env, but the README requires pastewatch-cli, curl, and python3.
Instruction Scope
note: Instructions are focused on Jira integration and do not instruct reading unrelated system files. They do tell the agent/operator to create a local secrets file (~/.openclaw/workspace/.secrets/jira.env), a helper script that sources it, and cron jobs that use those credentials. The claim that "secrets never reach the LLM" depends on an external pastewatch MCP and proper use of pastewatch-cli; that is an operational assumption rather than a guaranteed property.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code files, so nothing is written or downloaded by the skill itself, which keeps install risk low. However, the instructions require external tools (pastewatch-cli) that the skill neither installs nor declares in registry metadata.
Credentials
note: The skill does not request unrelated credentials. It stores Jira credentials locally in a file (jira.env) rather than using declared env vars or a secret manager; the SKILL.md sets restrictive file permissions (700 on the directory, 600 on the file). This is proportional, but confirm you are comfortable with a plaintext credential file versus a system secret manager or a least-privilege PAT.
Persistence & Privilege
ok: always: false and the default model-invocation behavior are appropriate. The skill instructs scheduling periodic cron jobs (agentTurn/isolated sessions), which is consistent with its purpose. Note: scheduled autonomous runs will have access to the stored Jira credentials, so restrict cron cadence and agent permissions as needed.