ClawHub

Jira

v1.0.5

Jira API integration with managed OAuth. Search issues with JQL, create and update issues, manage projects and transitions. Use this skill when users want to interact with Jira issues, projects, or workflows. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).

7· 5.3k·6 current·7 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the behavior in SKILL.md: it proxies Jira Cloud API calls through maton.ai endpoints and manages OAuth connections. The single required env var (MATON_API_KEY) is appropriate for an API gateway service.
Instruction Scope
Runtime instructions are limited to making HTTP requests to gateway.maton.ai and ctrl.maton.ai and reading MATON_API_KEY from the environment. The instructions do not ask the agent to read unrelated files, system config, or other environment variables.
Install Mechanism
No install spec or code files are provided (instruction-only skill), so nothing is written to disk or fetched during installation. This minimizes install-time risk.
Credentials
Only MATON_API_KEY is required. That is proportionate for a gateway-managed OAuth Jira integration. There are no unexplained SECRET/TOKEN/PASSWORD env requirements.
!
Persistence & Privilege
Flags do not set disableModelInvocation, so the model can autonomously invoke the skill. Because the skill can create, update, and delete Jira issues, an agent with that API key could perform destructive or privacy-impacting operations without explicit user confirmation. The skill is not marked always:true, which reduces some risk, but model-invocable modifications are still possible.
Assessment
This skill appears to do what it says: proxy Jira API calls via Maton and manage OAuth connections, and it only requires a single MATON_API_KEY. Before installing, verify you trust the maton.ai / ctrl.maton.ai / gateway.maton.ai services (the skill's source/homepage are unknown). Limit the MATON_API_KEY scope to the minimum permissions needed (prefer read-only for initial testing), avoid using a high-privilege production key, and consider rotating the key after testing. If you do not want the agent performing Jira changes autonomously, ensure the platform can disable model-initiated skill invocation or set the skill to require explicit user invocation. Finally, test first with a non-production Jira account or project to confirm behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9744d6kh0bt7431kkf1thq9e580xyb1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments