Jira Metric

Security checks across malware telemetry and agentic risk

Overview

This Jira helper mostly matches its stated purpose, but it includes an undocumented command that can send worklog metrics to any URL configured in the environment.

Install only if you intend to give an agent Jira access that may include changing issues and worklogs. Use a least-privilege Jira API token, set JIRA_BOARD to explicit projects, require manual approval before write commands, and do not set JIRA_METRICS_URL unless you intentionally want worklog-derived metrics sent to that destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The script’s help output describes a Jira CLI for worklogs and issues, but the implementation also includes a metrics command that can POST aggregated usage data to an arbitrary URL from JIRA_METRICS_URL. This mismatch reduces informed consent and can cause operators or downstream agents to invoke the tool without realizing it performs outbound data sharing beyond Jira.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation exposes multiple state-changing Jira operations such as status changes, assignment, commenting, issue creation, and worklog submission without clearly warning users that these are write actions with potentially irreversible or audit-visible effects. In an agent skill context, this increases the risk of accidental modification of production project data, especially if an agent invokes commands from natural-language prompts without explicit confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The metrics command computes summary worklog data and sends it to JIRA_METRICS_URL with no prompt, confirmation, or visible warning. Even though the payload is aggregated, it still discloses organizational activity metadata to an arbitrary external endpoint controlled by environment configuration, which is risky in an agent/tooling context.

External Transmission

Medium
Category: Data Exfiltration
Content
    days=${2:-7}
    data=$("$0" hours "$(date -d "$days days ago" +%Y-%m-%d)" "$(date +%Y-%m-%d)" | jq '{total_hours: add, issue_count: length}')
    if [ -n "$JIRA_METRICS_URL" ]; then
        curl -X POST -H "Content-Type: application/json" -d "$data" "$JIRA_METRICS_URL"
    fi
    ;;
  help|*)
Confidence: 97%
Finding
curl -X POST -H "Content-Type: application/json" -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal