← 返回 Skills 市场
Jiraandconfluence Skill
作者
Samuel Porras
· GitHub ↗
· v1.0.0
538
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install jiraandconfluence-skill
功能描述
Automates retrieval and summary of Jira Cloud issues and Confluence Cloud pages using secure API tokens for improved workflow insights.
使用说明 (SKILL.md)
Jira & Confluence Integration Skill
Purpose
This skill provides automated interaction with Jira Cloud and Confluence to:
- Read issue details, comments, and status changes.
- Retrieve page content, updates, and export summaries.
- Generate actionable insights for improving user conversations and documentation.
Scope
- Supported platforms: Jira Cloud (REST API) and Confluence Cloud (REST API).
- Authentication: Uses API tokens stored securely via environment variables.
- Operations:
GET /api/v2/issues/{issueIdOrKey}– retrieve Jira issue metadata.GET /api/v2/search– search issues by JQL.GET /wiki/rsl/{pageIdOrTitle}– retrieve Confluence page content.POST /comment– add comments to tickets or pages (optional).
- Output: Summaries, suggested improvements, and integration points for AI-driven workflow automation.
Authentication
- Store Jira and Confluence API tokens in environment variables:
export JIRA_API_TOKEN=your_jira_token export CONFLUENCE_API_TOKEN=your_confluence_token - Use these tokens to authenticate via basic auth or bearer token as required by the platform APIs.
Installation
clawhub install jiraandconfluence-skill
Usage
After installation, call the skill via the CLI or integrate it through OpenClaw workflows:
jira-read --issue-key PROJ-123
confluence-read --title "Project Documentation"
Security
- Do not hardcode credentials in scripts.
- Restrict token scope to read‑only access unless explicit write permissions are granted.
- Rotate tokens regularly and audit usage logs.
Version
1.0.0
Maintainer
Arkiant (contact via internal channels)
安全使用建议
This package seems intended to read Jira and Confluence using API tokens, but it has multiple problems you should resolve before trusting it: (1) Do not install from unknown sources without review — there is no homepage and the publisher identity is unknown. (2) Expect to provide JIRA_API_TOKEN and CONFLUENCE_API_TOKEN (the skill metadata fails to declare them) and ensure tokens have minimum necessary scope (read-only if possible). (3) The scripts require curl and jq; install those or update the metadata. (4) Fix bugs before use: scripts/auth.sh has broken export syntax and will error, and the Authorization header usage is incorrect for Atlassian Cloud (the token must be used properly, typically as Basic with base64-encoded email:token or via OAuth/bearer). (5) Replace placeholder domain (your-domain.atlassian.net) with your real domain and test the scripts in an isolated environment with a limited-scope token. (6) Prefer obtaining a skill from a verifiable source, or fork and correct the code locally; review and test changes before providing real credentials. If you want, I can suggest exact fixes for the auth flow and script issues.
功能分析
Type: OpenClaw Skill
Name: jiraandconfluence-skill
Version: 1.0.0
The skill bundle is classified as suspicious due to potential URL injection vulnerabilities in `scripts/confluence_reader.sh` and `scripts/jira_reader.sh`. User-supplied arguments (`$1`) are directly interpolated into the `curl` API endpoint URLs without proper encoding, which could allow an attacker to manipulate the API requests (e.g., path traversal, query parameter injection) made by the agent to Jira or Confluence. Additionally, `scripts/auth.sh` contains a syntax error (missing double quotes) that would prevent it from executing correctly, leading to authentication failures. There is no evidence of malicious intent or prompt injection against the AI agent.
能力评估
Purpose & Capability
The skill's stated purpose is Jira/Confluence API access using API tokens, which aligns with the included scripts. However registry metadata declares no required environment variables or binaries while the scripts clearly require JIRA_API_TOKEN, CONFLUENCE_API_TOKEN, and the presence of curl and jq. That mismatch (required secrets/binaries not declared) is disproportionate and inconsistent.
Instruction Scope
SKILL.md instructs storing API tokens in environment variables and running the provided reader scripts; the scripts only contact Atlassian domains (placeholders) and do not perform obvious data exfiltration to third parties. However the SKILL.md, example files, and script endpoints include inconsistent/incorrect API paths and authentication instructions (e.g., claiming either basic or bearer while scripts send 'Authorization: Basic ${TOKEN}' directly). The instructions are otherwise scoped to the stated purpose but contain inaccuracies that could cause misuse.
Install Mechanism
No install spec (instruction-only + local scripts) — lowest install risk. Nothing in the package downloads or executes remote code. This is the least risky install model.
Credentials
The skill legitimately needs two Atlassian tokens (JIRA_API_TOKEN and CONFLUENCE_API_TOKEN), which is proportionate. But those env vars are not declared in the skill metadata. Also the scripts export tokens into the environment (normal) but contain broken export syntax. Required binaries (curl, jq) are used but not declared. The missing metadata declarations make credential/permission requirements unclear.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false, it is user-invocable). It does not modify other skills or system configs. No persistence/privilege concerns identified.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install jiraandconfluence-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/jiraandconfluence-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Jira & Confluence Integration Skill:
- Enables automated reading of Jira issues and Confluence pages via REST APIs.
- Supports issue lookup, JQL search, page retrieval, and optional commenting.
- Uses secure API token authentication through environment variables.
- Provides actionable summaries and insights to enhance workflows.
- Includes CLI commands and OpenClaw workflow integration.
- Emphasizes strong security practices for credentials.
元数据
常见问题
Jiraandconfluence Skill 是什么?
Automates retrieval and summary of Jira Cloud issues and Confluence Cloud pages using secure API tokens for improved workflow insights. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 538 次。
如何安装 Jiraandconfluence Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install jiraandconfluence-skill」即可一键安装,无需额外配置。
Jiraandconfluence Skill 是免费的吗?
是的,Jiraandconfluence Skill 完全免费(开源免费),可自由下载、安装和使用。
Jiraandconfluence Skill 支持哪些平台?
Jiraandconfluence Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Jiraandconfluence Skill?
由 Samuel Porras(@arkiant)开发并维护,当前版本 v1.0.0。
推荐 Skills