Clawhub Jira Pat Skill

Author: dejanb · v0.0.1
cross-platform ⚠ suspicious
Total downloads: 1036
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install clawhub-jira-pat-skill
Description
Manage Jira issues on self-hosted or enterprise Jira instances using Personal Access Tokens in SSO/SAML environments where Basic Auth fails.
Usage (SKILL.md)

Jira PAT Skill

Manage Jira issues on self-hosted/enterprise Jira instances using Personal Access Tokens (PAT). This skill is designed for environments where Basic Auth doesn't work due to SSO/SAML authentication.

When to Use This Skill

Use this skill when working with:

  • Self-hosted Jira instances (e.g., Red Hat, enterprise deployments)
  • Jira instances with SSO/SAML authentication
  • Environments where jira-cli or Basic Auth fails

Note: For Atlassian Cloud with email + API token auth, use the clawdbot-jira-skill instead.

Prerequisites

  1. Personal Access Token (PAT): Create one in Jira:

    • Go to your Jira profile → Personal Access Tokens
    • Create a new token with appropriate permissions
    • Store it in environment variable JIRA_PAT
  2. Jira Base URL: Your Jira instance URL in JIRA_URL

Environment Variables

export JIRA_PAT="your-personal-access-token"
export JIRA_URL="https://issues.example.com"

Tools

This skill uses curl and jq for all operations.

Instructions

Get Issue Details

Fetch full details of a Jira issue:

curl -s -H "Authorization: Bearer $JIRA_PAT" \
  "$JIRA_URL/rest/api/2/issue/PROJECT-123" | jq

Get specific fields only:

curl -s -H "Authorization: Bearer $JIRA_PAT" \
  "$JIRA_URL/rest/api/2/issue/PROJECT-123?fields=summary,status,description" | jq

Search Issues (JQL)

# Find child issues of an epic
curl -s -H "Authorization: Bearer $JIRA_PAT" \
  "$JIRA_URL/rest/api/2/search?jql=parent=EPIC-123" | jq

# Complex queries (URL-encoded)
curl -s -H "Authorization: Bearer $JIRA_PAT" \
  "$JIRA_URL/rest/api/2/search?jql=project%3DPROJ%20AND%20status%3DOpen" | jq

Common JQL patterns:

  • parent=EPIC-123 - Child issues of an epic
  • project=PROJ AND status=Open - Open issues in project
  • assignee=currentUser() - Your assigned issues
  • labels=security - Issues with specific label
  • updated >= -7d - Recently updated

Get Available Transitions

Before changing status, query available transitions:

curl -s -H "Authorization: Bearer $JIRA_PAT" \
  "$JIRA_URL/rest/api/2/issue/PROJECT-123/transitions" | jq '.transitions[] | {id, name}'

Transition (Change Status)

Close an issue with a comment:

curl -s -X POST \
  -H "Authorization: Bearer $JIRA_PAT" \
  -H "Content-Type: application/json" \
  -d '{
    "transition": {"id": "61"},
    "update": {
      "comment": [{"add": {"body": "Closed via API"}}]
    }
  }' \
  "$JIRA_URL/rest/api/2/issue/PROJECT-123/transitions"

Add a Comment

curl -s -X POST \
  -H "Authorization: Bearer $JIRA_PAT" \
  -H "Content-Type: application/json" \
  -d '{"body": "Comment added via API."}' \
  "$JIRA_URL/rest/api/2/issue/PROJECT-123/comment"

Update Issue Fields

curl -s -X PUT \
  -H "Authorization: Bearer $JIRA_PAT" \
  -H "Content-Type: application/json" \
  -d '{
    "fields": {
      "summary": "Updated summary",
      "labels": ["api", "automated"]
    }
  }' \
  "$JIRA_URL/rest/api/2/issue/PROJECT-123"

Create an Issue

curl -s -X POST \
  -H "Authorization: Bearer $JIRA_PAT" \
  -H "Content-Type: application/json" \
  -d '{
    "fields": {
      "project": {"key": "PROJ"},
      "summary": "New issue via API",
      "description": "Issue description",
      "issuetype": {"name": "Task"},
      "parent": {"key": "EPIC-123"}
    }
  }' \
  "$JIRA_URL/rest/api/2/issue"

Useful jq Filters

# Summary and status
jq '{key: .key, summary: .fields.summary, status: .fields.status.name}'

# List search results
jq '.issues[] | {key: .key, summary: .fields.summary, status: .fields.status.name}'

# Issue links
jq '.fields.issuelinks[] | {type: .type.name, key: (.inwardIssue // .outwardIssue).key}'

Troubleshooting

| Error | Cause | Solution |
|---|---|---|
| 401 Unauthorized | Invalid/expired PAT | Regenerate token, check Bearer format |
| 404 Not Found | Issue doesn't exist or no access | Verify issue key and permissions |
| 400 Bad Request on transition | Invalid transition ID | Query available transitions first |

Comparison with Basic Auth Skills

This skill uses Bearer token authentication (Authorization: Bearer <PAT>), which works with self-hosted Jira instances using SSO/SAML. For Atlassian Cloud with email + API token, use skills that implement Basic Auth instead.

Security usage recommendations
This skill appears to implement a straightforward Jira PAT helper and the code does what the README says, but the package metadata omitted key operational requirements. Before installing:

  • Confirm the skill owner is trustworthy (registry owner vs _meta.json owner differ). Ask the publisher to correct metadata to list required env vars (JIRA_PAT, JIRA_URL) and binaries (curl, jq) and to declare the PAT as the primary credential.
  • Only provide a PAT with the minimal scopes needed for the tasks you intend (avoid broad admin scopes). Rotate/regenerate the PAT if shared accidentally.
  • Verify JIRA_URL points to your intended, internal Jira server (to avoid sending tokens to an unexpected host).
  • Inspect the included script locally (it is small and readable) and run it in a safe environment before granting any agent automated access to the token.
  • If the publisher cannot or will not fix the metadata, treat the skill as untrusted because the platform may not handle or protect secrets correctly.

If you want this skill to be considered fully coherent/benign, the missing declarations must be added to the registry metadata (required env vars and binaries).
Functional analysis
Type: OpenClaw Skill
Name: clawhub-jira-pat-skill
Version: 0.0.1

The skill bundle is designed for Jira management using Personal Access Tokens. While the `SKILL.md` provides legitimate instructions, the `scripts/jira-pat.sh` helper script contains multiple shell injection vulnerabilities. User-supplied arguments (e.g., issue keys, JQL queries) are directly interpolated into `curl` command URLs without proper sanitization, allowing for arbitrary command execution if an attacker can control the input to these functions. This is a critical vulnerability, but there is no evidence of intentional malicious behavior like data exfiltration or backdoor installation, thus classifying it as suspicious.
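The analysis above flags issue keys and JQL being interpolated into curl URLs unsanitized, and the recommendations ask you to verify JIRA_URL. One way to handle those three inputs before they reach curl, as an added example that is not part of the skill or its scripts/jira-pat.sh; the function names, the issue-key pattern and the expected-host argument are assumptions.

```shell
#!/bin/sh
# Added example, not the skill's scripts/jira-pat.sh. Function names, the key
# pattern and the expected-host argument are assumptions made for this sketch.

# Accept only keys shaped like PROJECT-123; everything else is refused.
valid_issue_key() {
  case "$1" in ''|*[!A-Z0-9_-]*) return 1 ;; esac   # also rejects newlines
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Z][A-Z0-9_]*-[1-9][0-9]*$'
}

# Percent-encode every byte outside the RFC 3986 unreserved set, so spaces,
# quotes, '&', '#' and '=' in JQL cannot change the structure of the URL.
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest
    case "$c" in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) hex=$(printf '%s' "$c" | od -An -tx1 | tr -d ' \n' | tr a-f A-F)
         out=$out$(printf '%s' "$hex" | sed 's/../%&/g') ;;
    esac
  done
  printf '%s' "$out"
)

# Require https and an exact host match before the PAT is sent anywhere.
trusted_jira_url() {
  case "$1" in
    https://*) hostpart=${1#https://}; hostpart=${hostpart%%/*} ;;
    *) return 1 ;;
  esac
  case "$hostpart" in *@*) return 1 ;; esac   # userinfo, e.g. https://a@b/
  [ "${hostpart%%:*}" = "$2" ]
}

# Print the request URL, or fail before anything reaches the network.
issue_url() {
  trusted_jira_url "$1" "$2" && valid_issue_key "$3" || return 1
  printf '%s/rest/api/2/issue/%s\n' "${1%/}" "$3"
}
search_url() {
  trusted_jira_url "$1" "$2" || return 1
  printf '%s/rest/api/2/search?jql=%s\n' "${1%/}" "$(urlencode "$3")"
}

# The result goes to curl as one quoted argument, never through eval:
#   url=$(issue_url "$JIRA_URL" issues.example.com "$key") &&
#     curl -s -H "Authorization: Bearer $JIRA_PAT" "$url" | jq .
```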
Capability assessment
Purpose & Capability
The SKILL.md and scripts clearly implement a Jira Personal Access Token (PAT) helper (issue queries, transitions, comments) which matches the skill name/purpose. However the registry metadata claims no required env vars, binaries, or primary credential, while the runtime docs and script require JIRA_PAT and JIRA_URL and assume curl and jq—this mismatch is unexpected.
Instruction Scope
Instructions and the bash script operate only on the Jira REST API using Authorization: Bearer <PAT> and reference only JIRA_PAT and JIRA_URL; they do not attempt to read unrelated files, contact other endpoints, or exfiltrate data beyond the Jira instance. The scope is limited to Jira operations.
Install Mechanism
No install spec (instruction-only) and no remote downloads. A local script is included; it is plain Bash using curl/jq. This is low risk from an install perspective.
Credentials
The skill legitimately requires a Jira PAT and Jira URL (sensible and proportionate). But the registry metadata does not declare these required environment variables (or the PAT as primary credential), which is an incoherence: an agent or platform may not surface or protect the secret as expected. The script also assumes curl and jq are available though binaries were not declared.
Persistence & Privilege
The skill does not request persistent/always-on presence (always: false) and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install clawhub-jira-pat-skill
  3. Once installed, call the skill by name or trigger it with /clawhub-jira-pat-skill
  4. Provide the required input according to the skill's parameter description to get structured output
Version history
v0.0.1
Initial release of the Jira PAT Skill.

  • Enables Jira issue management on self-hosted/enterprise Jira instances using Personal Access Tokens (PAT).
  • Supports SSO/SAML environments where Basic Auth and `jira-cli` do not work.
  • Provides guidance and shell/curl/jq recipes for getting issue details, searching with JQL, transitioning issues, commenting, updating, and creating issues.
  • Includes troubleshooting tips for common API errors.
  • Details environment variable setup and compares with Basic Auth-based skills.
Metadata
Slug clawhub-jira-pat-skill
Version 0.0.1
License
Total installs 0
Current installs 0
Versions 1
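FAQ

What is Clawhub Jira Pat Skill?

Manage Jira issues on self-hosted or enterprise Jira instances using Personal Access Tokens in SSO/SAML environments where Basic Auth fails. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1036 total downloads to date.

How do I install Clawhub Jira Pat Skill?

Run the command "/install clawhub-jira-pat-skill" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is Clawhub Jira Pat Skill free?

Yes, Clawhub Jira Pat Skill is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Clawhub Jira Pat Skill support?

Clawhub Jira Pat Skill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Clawhub Jira Pat Skill?

Developed and maintained by dejanb (@dejanb); the current version is v0.0.1.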
