← Back to Skills Marketplace
1036
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawhub-jira-pat-skill
Description
Manage Jira issues on self-hosted or enterprise Jira instances using Personal Access Tokens in SSO/SAML environments where Basic Auth fails.
README (SKILL.md)
Jira PAT Skill
Manage Jira issues on self-hosted/enterprise Jira instances using Personal Access Tokens (PAT). This skill is designed for environments where Basic Auth doesn't work due to SSO/SAML authentication.
When to Use This Skill
Use this skill when working with:
- Self-hosted Jira instances (e.g., Red Hat, enterprise deployments)
- Jira instances with SSO/SAML authentication
- Environments where
jira-clior Basic Auth fails
Note: For Atlassian Cloud with email + API token auth, use the clawdbot-jira-skill instead.
Prerequisites
-
Personal Access Token (PAT): Create one in Jira:
- Go to your Jira profile → Personal Access Tokens
- Create a new token with appropriate permissions
- Store it in environment variable
JIRA_PAT
-
Jira Base URL: Your Jira instance URL in
JIRA_URL
Environment Variables
export JIRA_PAT="your-personal-access-token"
export JIRA_URL="https://issues.example.com"
Tools
This skill uses curl and jq for all operations.
Instructions
Get Issue Details
Fetch full details of a Jira issue:
curl -s -H "Authorization: Bearer $JIRA_PAT" \
"$JIRA_URL/rest/api/2/issue/PROJECT-123" | jq
Get specific fields only:
curl -s -H "Authorization: Bearer $JIRA_PAT" \
"$JIRA_URL/rest/api/2/issue/PROJECT-123?fields=summary,status,description" | jq
Search Issues (JQL)
# Find child issues of an epic
curl -s -H "Authorization: Bearer $JIRA_PAT" \
"$JIRA_URL/rest/api/2/search?jql=parent=EPIC-123" | jq
# Complex queries (URL-encoded)
curl -s -H "Authorization: Bearer $JIRA_PAT" \
"$JIRA_URL/rest/api/2/search?jql=project%3DPROJ%20AND%20status%3DOpen" | jq
Common JQL patterns:
parent=EPIC-123- Child issues of an epicproject=PROJ AND status=Open- Open issues in projectassignee=currentUser()- Your assigned issueslabels=security- Issues with specific labelupdated >= -7d- Recently updated
Get Available Transitions
Before changing status, query available transitions:
curl -s -H "Authorization: Bearer $JIRA_PAT" \
"$JIRA_URL/rest/api/2/issue/PROJECT-123/transitions" | jq '.transitions[] | {id, name}'
Transition (Change Status)
Close an issue with a comment:
curl -s -X POST \
-H "Authorization: Bearer $JIRA_PAT" \
-H "Content-Type: application/json" \
-d '{
"transition": {"id": "61"},
"update": {
"comment": [{"add": {"body": "Closed via API"}}]
}
}' \
"$JIRA_URL/rest/api/2/issue/PROJECT-123/transitions"
Add a Comment
curl -s -X POST \
-H "Authorization: Bearer $JIRA_PAT" \
-H "Content-Type: application/json" \
-d '{"body": "Comment added via API."}' \
"$JIRA_URL/rest/api/2/issue/PROJECT-123/comment"
Update Issue Fields
curl -s -X PUT \
-H "Authorization: Bearer $JIRA_PAT" \
-H "Content-Type: application/json" \
-d '{
"fields": {
"summary": "Updated summary",
"labels": ["api", "automated"]
}
}' \
"$JIRA_URL/rest/api/2/issue/PROJECT-123"
Create an Issue
curl -s -X POST \
-H "Authorization: Bearer $JIRA_PAT" \
-H "Content-Type: application/json" \
-d '{
"fields": {
"project": {"key": "PROJ"},
"summary": "New issue via API",
"description": "Issue description",
"issuetype": {"name": "Task"},
"parent": {"key": "EPIC-123"}
}
}' \
"$JIRA_URL/rest/api/2/issue"
Useful jq Filters
# Summary and status
jq '{key: .key, summary: .fields.summary, status: .fields.status.name}'
# List search results
jq '.issues[] | {key: .key, summary: .fields.summary, status: .fields.status.name}'
# Issue links
jq '.fields.issuelinks[] | {type: .type.name, key: (.inwardIssue // .outwardIssue).key}'
Troubleshooting
| Error | Cause | Solution |
|---|---|---|
| 401 Unauthorized | Invalid/expired PAT | Regenerate token, check Bearer format |
| 404 Not Found | Issue doesn't exist or no access | Verify issue key and permissions |
| 400 Bad Request on transition | Invalid transition ID | Query available transitions first |
Comparison with Basic Auth Skills
This skill uses Bearer token authentication (Authorization: Bearer \x3CPAT>), which works with self-hosted Jira instances using SSO/SAML. For Atlassian Cloud with email + API token, use skills that implement Basic Auth instead.
Usage Guidance
This skill appears to implement a straightforward Jira PAT helper and the code does what the README says, but the package metadata omitted key operational requirements. Before installing:
- Confirm the skill owner is trustworthy (registry owner vs _meta.json owner differ). Ask the publisher to correct metadata to list required env vars (JIRA_PAT, JIRA_URL) and binaries (curl, jq) and to declare the PAT as the primary credential.
- Only provide a PAT with the minimal scopes needed for the tasks you intend (avoid broad admin scopes). Rotate/regenerate the PAT if shared accidentally.
- Verify JIRA_URL points to your intended, internal Jira server (to avoid sending tokens to an unexpected host).
- Inspect the included script locally (it is small and readable) and run it in a safe environment before granting any agent automated access to the token.
- If the publisher cannot or will not fix the metadata, treat the skill as untrusted because the platform may not handle or protect secrets correctly. If you want this skill to be considered fully coherent/benign, the missing declarations must be added to the registry metadata (required env vars and binaries).
Capability Analysis
Type: OpenClaw Skill
Name: clawhub-jira-pat-skill
Version: 0.0.1
The skill bundle is designed for Jira management using Personal Access Tokens. While the `SKILL.md` provides legitimate instructions, the `scripts/jira-pat.sh` helper script contains multiple shell injection vulnerabilities. User-supplied arguments (e.g., issue keys, JQL queries) are directly interpolated into `curl` command URLs without proper sanitization, allowing for arbitrary command execution if an attacker can control the input to these functions. This is a critical vulnerability, but there is no evidence of intentional malicious behavior like data exfiltration or backdoor installation, thus classifying it as suspicious.
Capability Assessment
Purpose & Capability
The SKILL.md and scripts clearly implement a Jira Personal Access Token (PAT) helper (issue queries, transitions, comments) which matches the skill name/purpose. However the registry metadata claims no required env vars, binaries, or primary credential, while the runtime docs and script require JIRA_PAT and JIRA_URL and assume curl and jq—this mismatch is unexpected.
Instruction Scope
Instructions and the bash script operate only on the Jira REST API using Authorization: Bearer <PAT> and reference only JIRA_PAT and JIRA_URL; they do not attempt to read unrelated files, contact other endpoints, or exfiltrate data beyond the Jira instance. The scope is limited to Jira operations.
Install Mechanism
No install spec (instruction-only) and no remote downloads. A local script is included; it is plain Bash using curl/jq. This is low risk from an install perspective.
Credentials
The skill legitimately requires a Jira PAT and Jira URL (sensible and proportionate). But the registry metadata does not declare these required environment variables (or the PAT as primary credential), which is an incoherence: an agent or platform may not surface or protect the secret as expected. The script also assumes curl and jq are available though binaries were not declared.
Persistence & Privilege
The skill does not request persistent/always-on presence (always: false) and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawhub-jira-pat-skill - After installation, invoke the skill by name or use
/clawhub-jira-pat-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.1
Initial release of the Jira PAT Skill.
- Enables Jira issue management on self-hosted/enterprise Jira instances using Personal Access Tokens (PAT).
- Supports SSO/SAML environments where Basic Auth and `jira-cli` do not work.
- Provides guidance and shell/curl/jq recipes for getting issue details, searching with JQL, transitioning issues, commenting, updating, and creating issues.
- Includes troubleshooting tips for common API errors.
- Details environment variable setup and compares with Basic Auth-based skills.
Metadata
Frequently Asked Questions
What is Clawhub Jira Pat Skill?
Manage Jira issues on self-hosted or enterprise Jira instances using Personal Access Tokens in SSO/SAML environments where Basic Auth fails. It is an AI Agent Skill for Claude Code / OpenClaw, with 1036 downloads so far.
How do I install Clawhub Jira Pat Skill?
Run "/install clawhub-jira-pat-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Clawhub Jira Pat Skill free?
Yes, Clawhub Jira Pat Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Clawhub Jira Pat Skill support?
Clawhub Jira Pat Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Clawhub Jira Pat Skill?
It is built and maintained by dejanb (@dejanb); the current version is v0.0.1.
More Skills