Description

CLI tool for interacting with Atlassian Jira and Confluence

README (SKILL.md)

Jira-AI Skill

Name: JIra and Confluence
Author: festoinc

The jira-ai skill provides comprehensive command-line access to Atlassian Jira and Confluence platforms, allowing agents to manage issues, projects, users, and documentation efficiently.

Installation

To install jira-ai, run:

npm install -g jira-ai

Authentication Setup

Before using jira-ai, you need to configure your Jira credentials:

Create a .env file with the following values:

JIRA_HOST=your-domain.atlassian.net
[email protected]
JIRA_API_TOKEN=your-api-token

Authenticate using the .env file:
```
jira-ai auth --from-file path/to/.env
```

Configuration

You can manage settings using the settings command:

jira-ai settings --help

Apply settings from a YAML file:

jira-ai settings --apply my-settings.yaml

Validate settings:

jira-ai settings --validate my-settings.yaml

Commands Overview

Top-Level Commands

Command	Description
`jira-ai auth`	Set up Jira authentication credentials
`jira-ai settings`	View, validate, or apply configuration settings
`jira-ai about`	Show information about the tool
`jira-ai help`	Display help for commands

Issue Management (`issue`)

Command	Description
`jira-ai issue get \x3Cissue-id>`	Retrieve comprehensive issue data
`jira-ai issue create`	Create a new Jira issue
`jira-ai issue search \x3Cjql-query>`	Execute a JQL search query
`jira-ai issue transition \x3Cissue-id> \x3Cto-status>`	Change the status of a Jira issue
`jira-ai issue update \x3Cissue-id>`	Update a Jira issue's description
`jira-ai issue comment \x3Cissue-id>`	Add a new comment to a Jira issue
`jira-ai issue stats \x3Cissue-ids>`	Calculate time-based metrics for issues
`jira-ai issue assign \x3Cissue-id> \x3Caccount-id>`	Assign or reassign a Jira issue
`jira-ai issue label add \x3Cissue-id> \x3Clabels>`	Add labels to a Jira issue
`jira-ai issue label remove \x3Cissue-id> \x3Clabels>`	Remove labels from a Jira issue

Project Management (`project`)

Command	Description
`jira-ai project list`	List all accessible Jira projects
`jira-ai project statuses \x3Cproject-key>`	Fetch workflow statuses for a project
`jira-ai project types \x3Cproject-key>`	List issue types available for a project

User Management (`user`)

Command	Description
`jira-ai user me`	Show profile details for authenticated user
`jira-ai user search [project-key]`	Search and list users
`jira-ai user worklog \x3Cperson> \x3Ctimeframe>`	Retrieve worklogs for a user

Organization Management (`org`)

Command	Description
`jira-ai org list`	List all saved Jira organization profiles
`jira-ai org use \x3Calias>`	Switch the active Jira organization profile
`jira-ai org add \x3Calias>`	Add a new Jira organization profile
`jira-ai org remove \x3Calias>`	Delete credentials for an organization

Confluence Commands (`confl`)

Command	Description
`jira-ai confl get \x3Curl>`	Download Confluence page content
`jira-ai confl spaces`	List all allowed Confluence spaces
`jira-ai confl pages \x3Cspace-key>`	Display pages within a space
`jira-ai confl create \x3Cspace> \x3Ctitle> [parent-page]`	Create a new Confluence page
`jira-ai confl comment \x3Curl>`	Add a comment to a Confluence page
`jira-ai confl update \x3Curl>`	Update a Confluence page

Usage Examples

Search for issues assigned to the current user

jira-ai issue search "assignee = currentUser()"

Get details of a specific issue

jira-ai issue get PROJ-123

Create a new issue

jira-ai issue create --project "PROJ" --summary "New task" --issuetype "Story"

Transition an issue to a new status

jira-ai issue transition PROJ-123 "In Progress"

Add a comment to an issue

jira-ai issue comment PROJ-123 --file comment.md

List all projects

jira-ai project list

Get worklogs for a user

jira-ai user worklog [email protected] 2w

Configuration Options

The jira-ai tool supports extensive configuration through settings files. You can define:

Allowed Jira projects
Allowed commands
Allowed Confluence spaces
Default behaviors for various operations

Example settings structure:

defaults:
  allowed-jira-projects:
    - all                     # Allow all projects
  allowed-commands:
    - all                     # Allow all commands
  allowed-confluence-spaces:
    - all                     # Allow all Confluence spaces

organizations:
  work:
    allowed-jira-projects:
      - PROJ                  # Allow specific project
      - key: PM               # Project-specific config
        commands:
          - issue.get         # Only allow reading issues
        filters:
          participated:
            was_assignee: true
    allowed-commands:
      - issue                 # All issue commands
      - project.list          # Only project list
      - user.me               # Only user me
    allowed-confluence-spaces:
      - DOCS

Benefits

Efficient API Usage: Minimizes the number of API calls needed to perform common operations
Batch Operations: Process multiple items at once to reduce API usage
Smart Filtering: Use JQL to retrieve only the specific data needed
Local Processing: Handle operations locally before sending targeted requests to Jira
Configuration-Based Access Control: Define allowed commands and projects to prevent unauthorized operations
Specific Command Targeting: Get only the information needed, reducing payload sizes and API usage

Security Considerations

Store API tokens securely in environment files
Use configuration-based access controls to limit operations
Regularly rotate API tokens
Limit permissions to the minimum required for operations

Usage Guidance

This skill appears to do what it says (manage Jira and Confluence), but there are two red flags you should address before installing or using it: 1) Credentials: The SKILL.md instructs you to create a .env with JIRA_HOST, JIRA_USER_EMAIL, and JIRA_API_TOKEN, but the registry metadata does not list any required credentials. Treat this as an omission — the skill will need those secrets to work. Only provide a token with the minimal required scopes (avoid admin/root tokens), prefer app-specific or limited-scope API tokens, and store them securely (don’t leave plaintext .env on shared machines). 2) Installation source: The instructions tell you to run `npm install -g jira-ai`. The registry did not declare an install mechanism, so the platform didn’t vet or install that package for you. Before running npm install, verify the package and maintainer: check the npm package page and the GitHub repository (commit history, issues, maintainer identity), and prefer installing in a sandboxed environment or container. If you plan to let an automated agent invoke this skill, be cautious: an agent with access to the token could perform any API actions allowed by the token. What would increase confidence: the skill metadata listing required environment variables and a verified install spec (e.g., a known GitHub release or a vetted npm package reference), or an included code bundle maintained by the registry so the platform can scan it. If you want, I can list specific checks to run on the npm package and GitHub repo before you proceed.

Capability Analysis

Type: OpenClaw Skill Name: jiraandconfluence Version: 1.0.0 The skill is classified as suspicious due to several risky capabilities. It instructs the agent to install an external npm package (`jira-ai`), which introduces a supply chain risk. The described `jira-ai` tool has broad file system access (reading .env, .yaml, and .md files) and extensive network capabilities. Most notably, the `jira-ai confl get <url>` command allows downloading content from arbitrary URLs, not just Confluence, which could be exploited for fetching malicious payloads or potential SSRF. While these capabilities are plausibly needed for a comprehensive Jira/Confluence management tool, their breadth and the generic nature of the `confl get` URL argument present a significant attack surface if the agent were to be compromised or given malicious instructions.

Capability Assessment

ℹ Purpose & Capability

The name and description (Jira & Confluence CLI) match the actions described in SKILL.md (issue/project/user/confluence commands). This functionality reasonably needs Jira host, user email, and an API token — but those credentials are not declared in the skill metadata, which is an inconsistency.

ℹ Instruction Scope

SKILL.md instructs installing the tool with `npm install -g jira-ai` and creating/using a .env file containing JIRA_HOST, JIRA_USER_EMAIL, and JIRA_API_TOKEN (and then running `jira-ai auth --from-file`). Those instructions are within the tool's stated purpose but explicitly require the agent (or user) to provide sensitive credentials and to run commands that install/run third‑party code.

⚠ Install Mechanism

The skill has no install spec in the registry, yet the instructions recommend installing a globally-scoped npm package. That means the skill expects software from the public npm ecosystem (source not verified here). The registry should either declare the install or at least declare the external dependency; absence increases risk because the package origin/contents are not validated by the platform metadata.

⚠ Credentials

SKILL.md requires sensitive environment values (JIRA_HOST, JIRA_USER_EMAIL, JIRA_API_TOKEN) but the declared requirements list zero env vars/credentials. The skill will need secrets to operate, so the registry metadata is incomplete; this mismatch is important because users may not realize the skill requires and will access credentials.

✓ Persistence & Privilege

always is false and there is no install hook or code written by the skill itself; it is instruction-only. Autonomous invocation is allowed (platform default) — that is normal, but combined with the credential requirement it raises operational risk (see user guidance).

Version History

v1.0.0

Initial release of jira-ai: powerful CLI tool for Atlassian Jira and Confluence. - Provides comprehensive command-line management of issues, projects, users, and Confluence pages. - Includes flexible authentication setup via .env file and command. - Supports detailed configuration with YAML files, including access control for commands and projects. - Adds batch operations, smart filtering (JQL), and API usage minimization features. - Enhanced security with environment-based credentials and customizable access controls.

Metadata

Slug jiraandconfluence

Version 1.0.0

License —

All-time Installs 7

Active Installs 6

Total Versions 1

Frequently Asked Questions

What is JIra and Confluence?

CLI tool for interacting with Atlassian Jira and Confluence. It is an AI Agent Skill for Claude Code / OpenClaw, with 2174 downloads so far.

How do I install JIra and Confluence?

Run "/install jiraandconfluence" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is JIra and Confluence free?

Yes, JIra and Confluence is completely free (open-source). You can download, install and use it at no cost.

Which platforms does JIra and Confluence support?

JIra and Confluence is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created JIra and Confluence?

It is built and maintained by festoinc (@festoinc); the current version is v1.0.0.

More Skills

JIra and Confluence