技能详情(站内镜像,无评论)
作者:Samuel Porras @arkiant
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 344 · 1 current installs · 1 all-time installs
⭐ 0
安装量(当前) 1
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:arkiant/jiraandconfluence-skill
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill appears to do what it claims (read Jira/Confluence), but multiple inconsistencies and buggy scripts (missing declared env/binary requirements, broken shell syntax, and incorrect auth usage) make it suspicious rather than clearly benign.
目的
The skill's stated purpose is Jira/Confluence API access using API tokens, which aligns with the included scripts. However registry metadata declares no required environment variables or binaries while the scripts clearly require JIRA_API_TOKEN, CONFLUENCE_API_TOKEN, and the presence of curl and jq. That mismatch (required secrets/binaries not declared) is disproportionate and inconsistent.
说明范围
SKILL.md instructs storing API tokens in environment variables and running the provided reader scripts; the scripts only contact Atlassian domains (placeholders) and do not perform obvious data exfiltration to third parties. However the SKILL.md, example files, and script endpoints include inconsistent/incorrect API paths and authentication instructions (e.g., claiming either basic or bearer while scripts send 'Authorization: Basic ${TOKEN}' d…
安装机制
No install spec (instruction-only + local scripts) — lowest install risk. Nothing in the package downloads or executes remote code. This is the least risky install model.
证书
The skill legitimately needs two Atlassian tokens (JIRA_API_TOKEN and CONFLUENCE_API_TOKEN), which is proportionate. But those env vars are not declared in the skill metadata. Also the scripts export tokens into the environment (normal) but contain broken export syntax. Required binaries (curl, jq) are used but not declared. The missing metadata declarations make credential/permission requirements unclear.
持久
The skill does not request persistent or elevated platform privileges (always is false, it is user-invocable). It does not modify other skills or system configs. No persistence/privilege concerns identified.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Jiraandconfluence Skill」。简介:Automates retrieval and summary of Jira Cloud issues and Confluence Cloud pages…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/arkiant/jiraandconfluence-skill/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
# Jira & Confluence Integration Skill
## Purpose
This skill provides automated interaction with Jira Cloud and Confluence to:
- Read issue details, comments, and status changes.
- Retrieve page content, updates, and export summaries.
- Generate actionable insights for improving user conversations and documentation.
## Scope
- **Supported platforms**: Jira Cloud (REST API) and Confluence Cloud (REST API).
- **Authentication**: Uses API tokens stored securely via environment variables.
- **Operations**:
- `GET /api/v2/issues/{issueIdOrKey}` – retrieve Jira issue metadata.
- `GET /api/v2/search` – search issues by JQL.
- `GET /wiki/rsl/{pageIdOrTitle}` – retrieve Confluence page content.
- `POST /comment` – add comments to tickets or pages (optional).
- **Output**: Summaries, suggested improvements, and integration points for AI-driven workflow automation.
## Authentication
- Store Jira and Confluence API tokens in environment variables:
```bash
export JIRA_API_TOKEN=your_jira_token
export CONFLUENCE_API_TOKEN=your_confluence_token
```
- Use these tokens to authenticate via basic auth or bearer token as required by the platform APIs.
## Installation
```bash
clawhub install jiraandconfluence-skill
```
## Usage
After installation, call the skill via the CLI or integrate it through OpenClaw workflows:
```bash
jira-read --issue-key PROJ-123
confluence-read --title "Project Documentation"
```
## Security
- Do **not** hardcode credentials in scripts.
- Restrict token scope to read‑only access unless explicit write permissions are granted.
- Rotate tokens regularly and audit usage logs.
## Version
1.0.0
## Maintainer
Arkiant (contact via internal channels)