← Back to Skills Marketplace

Jiraandconfluence Skill

Name: Jiraandconfluence Skill
Author: arkiant

by Samuel Porras · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

538

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install jiraandconfluence-skill

Description

Automates retrieval and summary of Jira Cloud issues and Confluence Cloud pages using secure API tokens for improved workflow insights.

README (SKILL.md)

Jira & Confluence Integration Skill

Purpose

This skill provides automated interaction with Jira Cloud and Confluence to:

Read issue details, comments, and status changes.
Retrieve page content, updates, and export summaries.
Generate actionable insights for improving user conversations and documentation.

Scope

Supported platforms: Jira Cloud (REST API) and Confluence Cloud (REST API).
Authentication: Uses API tokens stored securely via environment variables.
Operations:
- GET /api/v2/issues/{issueIdOrKey} – retrieve Jira issue metadata.
- GET /api/v2/search – search issues by JQL.
- GET /wiki/rsl/{pageIdOrTitle} – retrieve Confluence page content.
- POST /comment – add comments to tickets or pages (optional).
Output: Summaries, suggested improvements, and integration points for AI-driven workflow automation.

Authentication

Store Jira and Confluence API tokens in environment variables:

export JIRA_API_TOKEN=your_jira_token
export CONFLUENCE_API_TOKEN=your_confluence_token

Use these tokens to authenticate via basic auth or bearer token as required by the platform APIs.

Installation

clawhub install jiraandconfluence-skill

Usage

After installation, call the skill via the CLI or integrate it through OpenClaw workflows:

jira-read --issue-key PROJ-123
confluence-read --title "Project Documentation"

Security

Do not hardcode credentials in scripts.
Restrict token scope to read‑only access unless explicit write permissions are granted.
Rotate tokens regularly and audit usage logs.

Version

1.0.0

Maintainer

Arkiant (contact via internal channels)

Usage Guidance

This package seems intended to read Jira and Confluence using API tokens, but it has multiple problems you should resolve before trusting it: (1) Do not install from unknown sources without review — there is no homepage and the publisher identity is unknown. (2) Expect to provide JIRA_API_TOKEN and CONFLUENCE_API_TOKEN (the skill metadata fails to declare them) and ensure tokens have minimum necessary scope (read-only if possible). (3) The scripts require curl and jq; install those or update the metadata. (4) Fix bugs before use: scripts/auth.sh has broken export syntax and will error, and the Authorization header usage is incorrect for Atlassian Cloud (the token must be used properly, typically as Basic with base64-encoded email:token or via OAuth/bearer). (5) Replace placeholder domain (your-domain.atlassian.net) with your real domain and test the scripts in an isolated environment with a limited-scope token. (6) Prefer obtaining a skill from a verifiable source, or fork and correct the code locally; review and test changes before providing real credentials. If you want, I can suggest exact fixes for the auth flow and script issues.

Capability Analysis

Type: OpenClaw Skill Name: jiraandconfluence-skill Version: 1.0.0 The skill bundle is classified as suspicious due to potential URL injection vulnerabilities in `scripts/confluence_reader.sh` and `scripts/jira_reader.sh`. User-supplied arguments (`$1`) are directly interpolated into the `curl` API endpoint URLs without proper encoding, which could allow an attacker to manipulate the API requests (e.g., path traversal, query parameter injection) made by the agent to Jira or Confluence. Additionally, `scripts/auth.sh` contains a syntax error (missing double quotes) that would prevent it from executing correctly, leading to authentication failures. There is no evidence of malicious intent or prompt injection against the AI agent.

Capability Assessment

⚠ Purpose & Capability

The skill's stated purpose is Jira/Confluence API access using API tokens, which aligns with the included scripts. However registry metadata declares no required environment variables or binaries while the scripts clearly require JIRA_API_TOKEN, CONFLUENCE_API_TOKEN, and the presence of curl and jq. That mismatch (required secrets/binaries not declared) is disproportionate and inconsistent.

ℹ Instruction Scope

SKILL.md instructs storing API tokens in environment variables and running the provided reader scripts; the scripts only contact Atlassian domains (placeholders) and do not perform obvious data exfiltration to third parties. However the SKILL.md, example files, and script endpoints include inconsistent/incorrect API paths and authentication instructions (e.g., claiming either basic or bearer while scripts send 'Authorization: Basic ${TOKEN}' directly). The instructions are otherwise scoped to the stated purpose but contain inaccuracies that could cause misuse.

✓ Install Mechanism

No install spec (instruction-only + local scripts) — lowest install risk. Nothing in the package downloads or executes remote code. This is the least risky install model.

⚠ Credentials

The skill legitimately needs two Atlassian tokens (JIRA_API_TOKEN and CONFLUENCE_API_TOKEN), which is proportionate. But those env vars are not declared in the skill metadata. Also the scripts export tokens into the environment (normal) but contain broken export syntax. Required binaries (curl, jq) are used but not declared. The missing metadata declarations make credential/permission requirements unclear.

✓ Persistence & Privilege

The skill does not request persistent or elevated platform privileges (always is false, it is user-invocable). It does not modify other skills or system configs. No persistence/privilege concerns identified.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install jiraandconfluence-skill
After installation, invoke the skill by name or use /jiraandconfluence-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of Jira & Confluence Integration Skill: - Enables automated reading of Jira issues and Confluence pages via REST APIs. - Supports issue lookup, JQL search, page retrieval, and optional commenting. - Uses secure API token authentication through environment variables. - Provides actionable summaries and insights to enhance workflows. - Includes CLI commands and OpenClaw workflow integration. - Emphasizes strong security practices for credentials.

Metadata

Slug jiraandconfluence-skill

Version 1.0.0

License —

All-time Installs 1

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Jiraandconfluence Skill?

Automates retrieval and summary of Jira Cloud issues and Confluence Cloud pages using secure API tokens for improved workflow insights. It is an AI Agent Skill for Claude Code / OpenClaw, with 538 downloads so far.

How do I install Jiraandconfluence Skill?

Run "/install jiraandconfluence-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Jiraandconfluence Skill free?

Yes, Jiraandconfluence Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Jiraandconfluence Skill support?

Jiraandconfluence Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Jiraandconfluence Skill?

It is built and maintained by Samuel Porras (@arkiant); the current version is v1.0.0.

More Skills