ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Confluence Integration

v0.1.0

Confluence REST API integration via curl - lightweight solution without Python dependencies. Supports search, page operations, and file attachments.

0· 9·0 current·0 all-time
by@lukaizj
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name, description, and runtime script align with a Confluence REST API client (search, pages, attachments). The requested environment variables (CONFLUENCE_URL, CONFLUENCE_USER, CONFLUENCE_PASS) are appropriate. HOWEVER the registry/metadata claims no required binaries, while the included script enforces both curl and jq — the metadata is incomplete/inconsistent.
!
Instruction Scope
SKILL.md and instructions restrict activity to Confluence REST calls and only the declared env vars. The shell script indeed only targets CONFLUENCE_URL/rest/api/... and local temp files. Still, the script uses curl -u user:pass (exposing credentials on the process command line to other local users) and writes attachment responses to /tmp; both are modest risks and contradict the SKILL.md's strong assertion that credentials are "never exposed or stored externally."
Install Mechanism
No install spec (instruction-only with an included shell script). This is low-risk from an installation perspective because nothing is downloaded during install. The script will run locally when invoked.
Credentials
The three required environment variables are exactly what a Confluence CLI needs and are proportionate. Minor issue: primary credential field is not declared in registry (no primaryEnv), but that is administrative rather than functional. Use of plaintext CONFLUENCE_PASS is expected for API tokens but merits caution.
Persistence & Privilege
Skill is not always-on and does not request persistent privileges or modify other skills. It runs on demand and does not declare elevated system presence.
What to consider before installing
This is a mostly coherent Confluence curl wrapper, but stop and confirm a few things before installing: (1) The included script requires curl and jq even though metadata does not list them — install those first. (2) Prefer an API token over a password and avoid placing CONFLUENCE_PASS in shared/global environments; running curl with -u user:pass can expose the password in process listings on multi-user systems. Consider using a .netrc or Authorization header method to reduce exposure. (3) The script writes temporary response files to /tmp; if you run on a multi-user host, consider running in an isolated container or ensure /tmp access is safe. (4) Review the full confluence.sh contents locally (you already have it) before use; confirm CONFLUENCE_URL points to your trusted Confluence instance. If you need stronger guarantees about credential handling, request the author to (a) document required binaries in metadata, (b) avoid inline -u usage (use headers or .netrc), and (c) avoid plaintext temp files or use a secure temp path.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvCONFLUENCE_URL, CONFLUENCE_USER, CONFLUENCE_PASS
latestvk978fd4fb7g8je04ghrvkjehns85ajy9
9downloads
0stars
1versions
Updated 2h ago
v0.1.0
MIT-0
@lukaizj
latest
Download

Confluence Integration

Confluence integration skill for OpenClaw. Manage wiki pages, spaces, and content via REST API using pure curl/shell.

Capabilities

  • Search Confluence pages using CQL
  • Get, create, and update pages
  • List and view spaces
  • Upload attachments to pages
  • Create child pages

Setup

  1. Create a Confluence API token or use password
  2. Get your Confluence base URL
  3. Configure environment variables

Environment Variables

VariableRequiredDescription
CONFLUENCE_URLYesYour Confluence base URL (e.g., https://your-company.atlassian.net)
CONFLUENCE_USERYesYour Confluence username or email
CONFLUENCE_PASSYesYour password or API token

Security Note: These credentials are only used locally and never exposed or stored externally.

Usage Examples

Check connection to Confluence

Search for pages containing "kyuubi"

Get page with ID 123456

Create a new page in space DAT with title "Project Notes"

Update page 123456 with new content

Upload attachment to page 123456

Commands

check

Verify connection to Confluence instance.

search

Search pages using Confluence Query Language (CQL).

text ~ "keyword"
space = "DAT" AND text ~ "spark"
type = page

page get

Get a page by ID. Returns title, content, space, version.

page create

Create a new page. Options:

  • --space: Space key (required)
  • --title: Page title (required)
  • --body: Page content (required)
  • --parent: Parent page ID for child pages

page update

Update page content. Options:

  • --body: New content
  • --title: New title
  • --append: Append to existing content

page attach

Upload file attachment to a page.

space list

List all accessible spaces.

CQL Examples

SearchDescription
text ~ "kyuubi"Pages containing "kyuubi"
space = "DAT"Pages in DAT space
type = pageAll pages
text ~ "spark" AND space = "DEV"Pages about spark in DEV space

Comments

Loading comments...