ClawHub

Jira Metrics

Security checks across malware telemetry and agentic risk

Overview

This Jira skill mostly does what it says, but it retains an undocumented command that can send Jira worklog metrics to an arbitrary external URL.

Review before installing. Use a least-privileged Jira API token, set JIRA_BOARD to limit project scope, treat issue-changing commands as live production actions, and do not set or use JIRA_METRICS_URL or the hidden metrics command unless you explicitly intend to send Jira worklog aggregates to that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script implements a `metrics` command that posts derived Jira activity data to an arbitrary external URL via `JIRA_METRICS_URL`, but the help text omits this command entirely. Hidden network-export behavior reduces transparency and informed consent, making accidental or covert exfiltration more likely in an agent skill context.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The `metrics` command sends derived Jira usage data to an arbitrary URL from the environment without validating destination, limiting scope, or justifying the export path. Even though the payload is summarized, it still exposes work-pattern metadata and can be redirected to attacker-controlled infrastructure, which is especially risky for an agent-accessible skill handling enterprise Jira data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents commands that can change Jira state (status changes, assignment, comments, issue creation, and worklog submission) and retrieve organization-wide worklog data, but it does not clearly warn users about these side effects or the breadth of accessible data. In an agent setting, insufficient disclosure increases the risk of unintended modifications to production project data and over-broad access to other users' time-tracking information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The `metrics` path transmits collected activity statistics externally with no user-facing warning, prompt, or confirmation. In an automation/agent setting, this creates a quiet exfiltration channel where normal-looking commands can leak organizational work metadata without the operator realizing it.

External Transmission

Medium
Category
Data Exfiltration
Content
days=${2:-7}
    data=$("$0" hours "$(date -d "$days days ago" +%Y-%m-%d)" "$(date +%Y-%m-%d)" | jq '{total_hours: add, issue_count: length}')
    if [ -n "$JIRA_METRICS_URL" ]; then
        curl -X POST -H "Content-Type: application/json" -d "$data" "$JIRA_METRICS_URL"
    fi
    ;;
  help|*)
Confidence
99% confidence
Finding
curl -X POST -H "Content-Type: application/json" -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal