Atlassian Jira by altf1be
Atlassian Jira Cloud CRUD skill — manage issues, comments, attachments, workflow transitions, and JQL search via Jira REST API v3 with email + API token auth.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 8 · 0 current installs · 0 all-time installs
byAbdelkrim from Brussels@Abdelkrim
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Jira Cloud CRUD) match the declared env vars (JIRA_HOST, JIRA_EMAIL, JIRA_API_TOKEN), code, and commands. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs npm install, setting Jira env vars, and running the CLI. The included scripts read only Jira-specific env vars and only access files explicitly passed via --file. Commands and file reads are scoped to Jira operations.
Install Mechanism
No custom installer; SKILL.md asks users to run npm install which will fetch commander and dotenv from the public npm registry (package-lock.json shows legitimate npm registry URLs). This is an expected, moderate-risk step for a Node CLI but not unusual for this purpose.
Credentials
Only Jira-related env vars are required (host, email, API token). The script also reads optional JIRA_DEFAULT_PROJECT, JIRA_MAX_RESULTS, and JIRA_MAX_FILE_SIZE (these optional env vars are reasonable and limited in scope). No unrelated secrets or system credentials are requested.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide changes. It does not modify other skills or global agent settings. Agent autonomous invocation is allowed but is the platform default.
Assessment
This skill appears to do exactly what it claims: a local Node CLI that talks to your Jira Cloud using the provided host/email/API token. Before installing, verify you trust the repository (it requests npm dependencies from the public registry), store the API token securely (use a secure .env or secret store), and be careful not to pass local files you don't intend to upload when using --file. Note that the CLI reads a few optional env vars (JIRA_DEFAULT_PROJECT, JIRA_MAX_RESULTS, JIRA_MAX_FILE_SIZE) even though only the three required vars are declared; that's benign but worth knowing. Autonomous agent invocation is allowed by default on the platform — only grant the skill your Jira credentials if you trust it and its source.scripts/jira.mjs:27
Environment variable access combined with network send.
scripts/jira.mjs:13
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.1.1
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎫 Clawdis
EnvJIRA_HOST, JIRA_EMAIL, JIRA_API_TOKEN
Primary envJIRA_HOST
SKILL.md
Jira Cloud by @altf1be
Manage Atlassian Jira Cloud issues, comments, attachments, and workflow transitions via the REST API.
Setup
- Get an API token from https://id.atlassian.com/manage-profile/security/api-tokens
- Set environment variables (or create
.envin{baseDir}):
JIRA_HOST=yourcompany.atlassian.net
JIRA_EMAIL=you@example.com
JIRA_API_TOKEN=your-api-token
JIRA_DEFAULT_PROJECT=PROJ
- Install dependencies:
cd {baseDir} && npm install
Commands
Issues
# List issues (optionally filter by project, status, assignee)
node {baseDir}/scripts/jira.mjs list --project PROJ --status "In Progress" --assignee "currentUser()"
# Create an issue
node {baseDir}/scripts/jira.mjs create --project PROJ --type Task --summary "Fix login bug" --description "Users can't log in" --priority High
# Read issue details
node {baseDir}/scripts/jira.mjs read --key PROJ-123
# Update issue fields
node {baseDir}/scripts/jira.mjs update --key PROJ-123 --summary "New title" --priority Low
# Delete issue (requires --confirm)
node {baseDir}/scripts/jira.mjs delete --key PROJ-123 --confirm
# Search with JQL
node {baseDir}/scripts/jira.mjs search --jql "project = PROJ AND status = Open ORDER BY created DESC"
Comments
# List comments on an issue
node {baseDir}/scripts/jira.mjs comment-list --key PROJ-123
# Add a comment
node {baseDir}/scripts/jira.mjs comment-add --key PROJ-123 --body "This is ready for review"
# Update a comment
node {baseDir}/scripts/jira.mjs comment-update --key PROJ-123 --comment-id 10001 --body "Updated comment"
# Delete a comment (requires --confirm)
node {baseDir}/scripts/jira.mjs comment-delete --key PROJ-123 --comment-id 10001 --confirm
Attachments
# List attachments on an issue
node {baseDir}/scripts/jira.mjs attachment-list --key PROJ-123
# Upload an attachment
node {baseDir}/scripts/jira.mjs attachment-add --key PROJ-123 --file ./screenshot.png
# Delete an attachment (requires --confirm)
node {baseDir}/scripts/jira.mjs attachment-delete --attachment-id 10001 --confirm
Workflow Transitions
# List available transitions for an issue
node {baseDir}/scripts/jira.mjs transitions --key PROJ-123
# Move issue to a new status (by transition ID or name)
node {baseDir}/scripts/jira.mjs transition --key PROJ-123 --transition-id 31
node {baseDir}/scripts/jira.mjs transition --key PROJ-123 --transition-name "Done"
Dependencies
commander— CLI frameworkdotenv— environment variable loading- Node.js built-in
fetch(requires Node >= 18)
Security
- Email + API token auth (Basic auth via base64 encoding)
- No secrets or tokens printed to stdout
- All delete operations require explicit
--confirmflag - Path traversal prevention for file uploads
- Built-in rate limiting with exponential backoff retry
- Lazy config validation (only checked when a command runs)
Author
Abdelkrim BOUJRAF — ALT-F1 SRL, Brussels 🇧🇪 X: @altf1be
Files
5 totalSelect a file
Select a file to preview.
Comments
Loading comments…