ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Snowsand Jira

Interact with Jira Cloud via REST API. Use for searching issues (JQL), viewing issue details, creating/updating issues, adding comments, transitioning status...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 34 · 0 current installs · 0 all-time installs
by@snowsand-enterprises
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md and scripts/jira.py implement a Jira Cloud REST client and clearly require JIRA_BASE_URL, JIRA_USER_EMAIL, and JIRA_API_TOKEN. However the registry metadata lists no required environment variables or primary credential, which is inconsistent and could mislead users about needed credentials.
Instruction Scope
Runtime instructions and the included Python script are scoped to Jira operations (search, create/update issues, comments, transitions, boards, sprints, worklogs). The SKILL.md and script only reference Jira-related env vars and endpoints; they do not instruct reading unrelated local files or calling external endpoints outside JIRA_BASE_URL.
Install Mechanism
There is no install spec or external download. The skill is instruction-plus-script only (scripts bundled in the skill). No URL downloads, package registry installs, or extract operations are present.
!
Credentials
The three sensitive environment variables required (JIRA_BASE_URL, JIRA_USER_EMAIL, JIRA_API_TOKEN) are appropriate and proportionate for a Jira integration. The concern is that the skill metadata omitted declaring these required env vars and primary credential, increasing risk of accidental exposure or misconfiguration by users who rely on registry metadata.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence. It performs network calls to the Jira instance only and does not attempt to modify other skills or system-wide agent settings.
What to consider before installing
This skill appears to be a normal Jira Cloud CLI that will need your Jira instance URL, your Atlassian account email, and an API token. However: - The registry metadata incorrectly lists no required environment variables; do not assume no credentials are needed. The SKILL.md and script require JIRA_BASE_URL, JIRA_USER_EMAIL, and JIRA_API_TOKEN. - The source is anonymous (no homepage). Prefer skills with a verifiable repository or publisher. Ask the publisher for the repository or inspect the full script before use. - Treat JIRA_API_TOKEN as sensitive: set it only in a secure secret store, grant least privilege, and rotate it if exposed. - Because the bundle contains executable Python, consider testing in a sandbox or review the entire script (the provided script is consistent with the docs, but part of the file was truncated in the package listing). Confirm there are no hidden network endpoints or logging of environment variables. - If you proceed, verify the token scope and audit actions performed by the skill (e.g., who can create/update issues) and ensure your agent will not leak credentials in logs or external messages.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97cf0qvade0k25k8y0c1t7bk982z4jr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Jira Cloud Integration

Jira Cloud REST API integration for issue tracking, sprint management, and worklog operations.

Authentication

Jira Cloud uses API token authentication. Required environment variables:

Test connection:

curl -s -u "$JIRA_USER_EMAIL:$JIRA_API_TOKEN" "$JIRA_BASE_URL/rest/api/3/myself" | jq .

Quick Reference

All operations use the scripts/jira.py script:

OperationCommand
Search (JQL)jira.py search "project = PROJ AND status = Open"
View issuejira.py get PROJ-123
Create issuejira.py create PROJ --type Task --summary "Title" --description "Body"
Update issuejira.py update PROJ-123 --summary "New title"
Add commentjira.py comment PROJ-123 "Comment text"
Transitionjira.py transition PROJ-123 "In Progress"
List boardsjira.py boards
Get sprintsjira.py sprints BOARD_ID
Sprint issuesjira.py sprint-issues SPRINT_ID
Log workjira.py worklog PROJ-123 --time "2h 30m" --comment "Work done"
Get worklogsjira.py worklogs PROJ-123

Common Workflows

Search Issues

JQL (Jira Query Language) supports powerful filtering:

# Open issues assigned to me
jira.py search "assignee = currentUser() AND status != Done"

# Issues updated this week
jira.py search "project = PROJ AND updated >= startOfWeek()"

# High priority bugs
jira.py search "type = Bug AND priority in (High, Highest)"

# Issues in current sprint
jira.py search "sprint in openSprints() AND project = PROJ"

Output: JSON array of issues with key, summary, status, assignee, priority.

Create Issues

# Basic task
jira.py create PROJ --type Task --summary "Implement feature X"

# Bug with description and priority
jira.py create PROJ --type Bug \
  --summary "Login fails on mobile" \
  --description "Steps to reproduce: 1. Open app 2. Enter credentials" \
  --priority High

# Story with labels and components
jira.py create PROJ --type Story \
  --summary "User profile page" \
  --labels "frontend,ui" \
  --components "Web App"

Update Issues

# Update summary
jira.py update PROJ-123 --summary "Updated title"

# Update multiple fields
jira.py update PROJ-123 \
  --description "New description" \
  --priority Medium \
  --labels "backend,api"

# Assign to user
jira.py update PROJ-123 --assignee "user@company.com"

Status Transitions

Transitions depend on workflow configuration. Get available transitions first:

# List available transitions
jira.py transitions PROJ-123

# Move to status
jira.py transition PROJ-123 "In Progress"
jira.py transition PROJ-123 "Done"

Sprint Management

# List all boards
jira.py boards

# Get sprints for a board
jira.py sprints 42

# Get active sprint issues
jira.py sprint-issues 100

# Filter: only active sprints
jira.py sprints 42 --state active

Work Logging

# Log time spent
jira.py worklog PROJ-123 --time "1h 30m" --comment "Code review"

# Log with specific date
jira.py worklog PROJ-123 --time "4h" --started "2024-03-14T09:00:00.000+0000"

# View existing worklogs
jira.py worklogs PROJ-123

Field Reference

See references/fields.md for:

  • Standard field names and IDs
  • Custom field handling
  • ADF (Atlassian Document Format) for rich text

Error Handling

Common errors:

  • 401 Unauthorized: Check JIRA_USER_EMAIL and JIRA_API_TOKEN
  • 404 Not Found: Issue key or project doesn't exist
  • 400 Bad Request: Invalid field values or missing required fields

Raw API Access

For operations not covered by the script:

# GET request
curl -s -u "$JIRA_USER_EMAIL:$JIRA_API_TOKEN" \
  "$JIRA_BASE_URL/rest/api/3/issue/PROJ-123" | jq .

# POST request
curl -s -X POST -u "$JIRA_USER_EMAIL:$JIRA_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"body": {"type": "doc", "version": 1, "content": [{"type": "paragraph", "content": [{"type": "text", "text": "Comment"}]}]}}' \
  "$JIRA_BASE_URL/rest/api/3/issue/PROJ-123/comment" | jq .

API docs: https://developer.atlassian.com/cloud/jira/platform/rest/v3/

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…