← Back to Skills Marketplace
Snowsand Confluence
by
snowsand-enterprises
· GitHub ↗
· v1.0.0
· MIT-0
240
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install snowsand-confluence
Description
Interact with Confluence Cloud via REST API. Use for space management, page operations (list, view, create, update, delete), content search (CQL queries), pa...
Usage Guidance
What to consider before installing:
- The included script and SKILL.md legitimately require CONFLUENCE_BASE_URL, CONFLUENCE_USER_EMAIL, and CONFLUENCE_API_TOKEN, but the skill registry metadata does not declare these—ask the publisher to correct metadata so required secrets are visible before you install.
- The source/homepage is unknown and there is no published owner info; prefer skills with a verifiable publisher or repo.
- If you proceed, create a service account or API token with the minimum permissions needed (avoid admin tokens) because the CLI supports destructive operations (delete/purge).
- Review scripts/confluence.py yourself (it is included and readable) and test in an isolated environment or sandbox first.
- Confirm that CONFLUENCE_BASE_URL points to your trusted Atlassian instance (the skill will send all requests to that URL). If the publisher cannot explain the metadata omission or provide a reputable source, avoid installing.
Capability Analysis
Type: OpenClaw Skill
Name: snowsand-confluence
Version: 1.0.0
The skill bundle provides a comprehensive integration with Confluence Cloud but is classified as suspicious due to high-risk behaviors and potential vulnerabilities. Specifically, the `download` command in `scripts/confluence.py` is vulnerable to path traversal because it uses the attachment title directly from the API as a local filename without sanitization. Additionally, the script's ability to read and upload arbitrary local files via the `upload` command, combined with its requirement for sensitive credentials (API tokens), presents a significant attack surface for prompt injection, although no evidence of intentional malice or data exfiltration was found.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and scripts/confluence.py are coherent: they implement a Confluence Cloud REST API CLI (spaces, pages, attachments, comments, labels, CQL). However the registry metadata lists no required environment variables or primary credential while the SKILL.md and the script both require CONFLUENCE_BASE_URL, CONFLUENCE_USER_EMAIL, and CONFLUENCE_API_TOKEN. That metadata omission is an inconsistency.
Instruction Scope
SKILL.md instructs the agent to call the included scripts/confluence.py and to set Confluence-specific env vars; the runtime instructions and CLI operations focus on Confluence API endpoints. The instructions do not ask the agent to read unrelated system files or contact external endpoints beyond the user-provided CONFLUENCE_BASE_URL.
Install Mechanism
There is no install spec or external download; the skill is instruction/code-only and includes the Python script bundled with the skill. No remote installers, archive downloads, or unusual install locations are used.
Credentials
The script requires three sensitive environment variables (CONFLUENCE_BASE_URL, CONFLUENCE_USER_EMAIL, CONFLUENCE_API_TOKEN) which are appropriate for the declared purpose, but the registry metadata does not declare any required env vars or primary credential. That lack of declared required credentials reduces transparency and is a red flag. Also the skill will perform destructive actions (delete/purge pages, delete attachments) if given credentials with broad permissions—least-privilege credentials are advisable.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide configs. Default autonomous invocation is allowed (platform default), which is expected for a utility skill; combined with the credential concerns above it increases potential impact but is not by itself unusual.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install snowsand-confluence - After installation, invoke the skill by name or use
/snowsand-confluence - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of snowsand-confluence.
- Integrates with Confluence Cloud REST API v2 for space, page, attachment, comment, and label management.
- Supports listing, viewing, creating, updating, and deleting spaces and pages.
- Provides CQL search, page tree navigation (parent/child), and other documentation workflows.
- Attachment and comment operations included (list, upload, download, add, update, delete).
- Authentication via Confluence Cloud API token and environment variables.
- Includes detailed CLI usage examples and storage format references.
Metadata
Frequently Asked Questions
What is Snowsand Confluence?
Interact with Confluence Cloud via REST API. Use for space management, page operations (list, view, create, update, delete), content search (CQL queries), pa... It is an AI Agent Skill for Claude Code / OpenClaw, with 240 downloads so far.
How do I install Snowsand Confluence?
Run "/install snowsand-confluence" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Snowsand Confluence free?
Yes, Snowsand Confluence is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Snowsand Confluence support?
Snowsand Confluence is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Snowsand Confluence?
It is built and maintained by snowsand-enterprises (@snowsand-enterprises); the current version is v1.0.0.
More Skills