Jira Task Creator

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly a straightforward Jira issue creator, but it needs a Jira bearer token and the docs advertise some features whose code is not included.

Before installing, verify the Jira base URL, use a restricted Jira token, and confirm task details before creation. The reviewed code only covers basic issue creation and user search; batch import and analytics examples reference modules that were not included.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the skill should understand that the configured Jira token determines what projects and users the skill can access or modify.

Why it was flagged

The skill requires a Jira bearer token to act against the user's Jira instance. This is expected for a Jira task creator, but it grants delegated account access.

Skill content

export JIRA_BASE_URL="http://your-jira.com"
export JIRA_BEARER_TOKEN="your-token-here"

Recommendation

Use a least-privilege Jira token scoped only to the intended Jira site and projects, and rotate it if it is accidentally exposed.

What this means

If invoked with the wrong project, assignee, or summary, the skill can create unwanted Jira tickets.

Why it was flagged

The code sends a POST request to Jira's issue endpoint to create a real Jira issue. This is the stated purpose, but it is still a mutating action in a business system.

Skill content

response = requests.post(url, headers=headers, json=issue_data, timeout=30)

Recommendation

Review the task details before invoking issue creation, especially when using default project or assignee environment variables.

What this means

The advertised batch import and analytics examples are not covered by the reviewed code and may fail or depend on code not provided in this package.

Why it was flagged

The documentation references batch_creator and task_analyzer modules, but the provided file manifest only includes jira_task_creator.py and does not include those modules.

Skill content

from batch_creator import BatchTaskCreator
...
from task_analyzer import TaskAnalyzer

Recommendation

Treat the missing batch and analytics modules as unreviewed; only run them if you obtain and inspect their source from a trusted location.

What this means

User identity information returned by Jira may remain in the running process briefly during use.

Why it was flagged

The skill searches Jira users, including by email, and caches found user records in memory for five minutes. This is disclosed and purpose-aligned, with no persistent storage shown.

Skill content

self.cache = {}
self.cache_ttl = 300  # 5-minute cache
...
user = self._search_by_email(query, project_key)

Recommendation

Use the skill in a trusted runtime and avoid searching for unnecessary personal data.