Skill v1.0.0

ClawScan security

Jira Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:41 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only Jira helper that is internally consistent with its purpose (uses local jira CLI or MCP patterns, lists optional Jira env vars for REST fallback, and includes explicit safety guidance).
Guidance
This skill appears coherent and designed to operate with your local jira CLI or Atlassian MCP; it will prompt before making changes and includes explicit safety guardrails. Before installing, verify you trust the skill publisher, keep credentials scoped minimally (use a least-privileged Jira account or tokens), do not expose high-privilege API tokens to the agent, and test commands in a safe project or staging environment. If you plan to allow autonomous invocation, confirm via policy that automated ticket modifications are acceptable and that the agent cannot access unrelated files or network endpoints. Reviewing the included SAFETY.md is recommended to ensure its guardrails meet your organization's security requirements.
Findings
[no-code-files-or-regex-findings] expected: Scanner found no code files to analyze — this is expected because the skill is instruction-only. The absence of findings is not proof of safety; the SAFETY.md provides runtime guardrails for injection and data-exfiltration risks.

Review Dimensions

Purpose & Capability
ok: Name and description (Jira operations) align with the runtime instructions: they detect/use a local `jira` CLI or Atlassian MCP tools and, if unavailable, guide the user to install them. The optional env vars (JIRA_API_TOKEN, JIRA_USER, JIRA_BASE_URL) are declared as fallbacks for REST/curl use and are appropriate for that contingency.
Instruction Scope
note: SKILL.md instructs the agent to detect backends, display commands before running them, fetch issues before changing them, and obtain user approval for modifications — all reasonable. The doc also says to "research context" when creating tickets, which is somewhat open-ended; however, the included SAFETY.md guardrails explicitly restrict risky behaviors (no piping to network, sanitize CLI inputs, confirm before posting sensitive data). Overall scope is appropriate, but the "research context" wording could be interpreted broadly, so operators should ensure the agent is not granted permissions to read unrelated private files or services.
Install Mechanism
ok: No install spec or code files are included; this is instruction-only and relies on existing local tools (jira CLI or MCP). That is the lowest-risk install posture.
Credentials
ok: The skill does not require any environment variables by default. The three Jira-related env vars in metadata are optional and justified as REST/curl fallbacks. No unrelated credentials or system config paths are requested.
Persistence & Privilege
ok: The skill is not force-included (always: false) and uses the platform default ability to be invoked autonomously. It does not request persistent system-wide changes or other skills' credentials.