Jira

Security checks across malware telemetry and agentic risk

Overview

This Jira helper mostly matches its stated purpose, but it hides an extra command that can send Jira worklog summaries to any configured URL.

Review the script before installing. Use a least-privilege Jira API token, do not set `JIRA_METRICS_URL` unless you intentionally want to export worklog summaries, and verify all write actions such as status changes, comments, assignments, created issues, and logged hours.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium (96% confidence)

Finding: The `metrics` subcommand constructs invalid summary data by piping the JSON output of the `hours` command into `jq '{total_hours: add, issue_count: length}'`, which does not match the documented per-issue structure and can produce misleading results. In a tooling context, incorrect reporting of worklog-derived metrics can silently drive bad business decisions or hide unexpected data handling behavior.

Context-Inappropriate Capability

High (99% confidence)

Finding: The `metrics` command posts derived Jira worklog data to an arbitrary external endpoint specified by `JIRA_METRICS_URL`, which is unrelated to the core Jira wrapper purpose and occurs without any trust boundary enforcement. This creates a clear data exfiltration path for potentially sensitive operational metadata such as issue activity and time tracking summaries.

Missing User Warnings

Medium (98% confidence)

Finding: The script sends aggregated worklog metrics to `JIRA_METRICS_URL` automatically when the `metrics` command is used, with no user-facing warning, review, or confirmation of the payload or destination. Even though the payload is derived rather than raw worklogs, it still exposes potentially sensitive activity patterns and project workload information to an external service.

VirusTotal

66/66 vendors flagged this skill as clean.