Jira
v1.0.2Manage Jira issues, transitions, and worklogs via the Jira Cloud REST API.
⭐ 5· 2.7k·4 current·5 all-time
by@kyjus25
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Jira issue/worklog management) match the required env vars (JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN) and the included script's API calls. The requested credentials are exactly those needed for Jira Cloud REST API access.
Instruction Scope
SKILL.md and scripts instruct only Jira-related operations (search, transitions, comments, worklogs) and tell the agent to use the included script. The script only calls endpoints under the user-supplied JIRA_URL and does not reference unrelated system files, other services, or unexpected external endpoints.
Install Mechanism
There is no install spec (instruction-only skill with an included script). Nothing is downloaded from remote URLs or written to unusual locations. This is the lower-risk installation pattern for skills.
Credentials
Requested env vars (JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN, optional JIRA_BOARD) are appropriate and proportionate. Note: the script constructs a Basic auth header using JIRA_EMAIL and JIRA_API_TOKEN and will send these to the configured JIRA_URL — that is expected behaviour but worth being aware of. Minor mismatch: the script uses the base64 utility but base64 is not listed in the SKILL.md required binaries; python3 is declared as required in metadata but its use is not visible in the shown snippet (it may be used elsewhere).
Persistence & Privilege
always:false (default) and the skill does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but this skill does not request elevated persistence.
Assessment
This skill is a straightforward Jira CLI wrapper and appears to do only Jira API operations. Before installing: (1) Verify you trust the skill source and the included script (scripts/jira.sh) since it will send JIRA_EMAIL and JIRA_API_TOKEN to whatever JIRA_URL you set; use a token with minimal necessary permissions. (2) Confirm network access to the intended Atlassian domain and avoid pointing JIRA_URL to unknown endpoints. (3) Note the script uses standard tools (curl, jq, bc, python3) and also calls base64 (not declared) and common coreutils; ensure those exist in your environment. (4) If you do not want autonomous agent invocation of skills, change agent settings — autonomous invocation is the platform default. (5) If you have any doubt after review, consider creating a dedicated Jira API token with limited scope and rotate it if you remove the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk973e1xs9v8saxw5arrwbznhnn7zjzvj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧭 Clawdis
Binscurl, jq, bc, python3
EnvJIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN