Trust Assessment
jira received a trust score of 59/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include Hidden network beacons / undisclosed telemetry, JQL Injection via Search Query, and URL Query Parameter Injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 69/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Hidden network beacons / undisclosed telemetry.** Command output piped through base64 encoding. Recommendation: Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/kyjus25/clawdbot-jira-skill/scripts/jira.sh:31 |
| HIGH | **URL Query Parameter Injection.** The `assign_issue` and `get_user_account_id` functions directly interpolate user-provided query strings (`$assignee_query` or `$query`) into a URL query parameter without proper URL encoding. An attacker could inject `&` or other URL metacharacters to add new query parameters, potentially altering the API request's behavior (e.g., changing `maxResults` or other parameters if the API supports it). This could lead to unintended data exposure or manipulation of the API call. Recommendation: The user-provided query string (`$assignee_query` or `$query`) must be URL-encoded before being interpolated into the URL. This can be done using a utility like `python3 -c 'import urllib.parse; print(urllib.parse.quote_plus(input()))'` or similar, ensuring the output is then used correctly in the shell. | LLM | scripts/jira.sh:250 |
| MEDIUM | **JQL Injection via Search Query.** The `search` command directly embeds user-provided input (`$query`) into the JQL (Jira Query Language) string without proper sanitization. While the `curl` command uses `--data-urlencode` to prevent shell injection, it does not prevent JQL injection. A malicious user could craft a `query` string containing JQL operators (e.g., `search "timeout" OR "status = 'Done'"`) to broaden or alter the intended search results, potentially exposing more data than intended or causing unexpected behavior in the Jira API. Recommendation: Sanitize the user-provided `$query` to escape or remove JQL special characters before embedding it into the JQL string. Alternatively, use a more structured way to build the JQL query that separates user input from JQL syntax. | LLM | scripts/jira.sh:160 |
| MEDIUM | **Potential Data Exfiltration via URL Query Parameter Injection.** The URL query parameter injection vulnerability identified in `assign_issue` and `get_user_account_id` could potentially be leveraged for data exfiltration. If an attacker can inject arbitrary query parameters, they might attempt to craft a URL that redirects sensitive information (e.g., environment variables or API responses) to an attacker-controlled server, depending on the `curl` command's behavior and the Jira API's handling of such parameters. While `JIRA_URL` is an environment variable, the ability to manipulate query parameters increases the attack surface. Recommendation: Implement proper URL encoding for all user-provided query parameters to prevent injection, thereby mitigating the risk of data exfiltration. | LLM | scripts/jira.sh:250 |
| LOW | **URL Path Interpolation without Strict Validation.** Several functions (`log_work`, `get_transitions`, `do_transition`, `assign_issue`, `assign_me`, `add_comment`, `print_hours_issue`) directly interpolate the user-provided `$issue_key` into the URL path (e.g., `"/rest/api/3/issue/${issue_key}/worklog"`). While Jira issue keys are typically alphanumeric with hyphens, if a malicious `$issue_key` containing path separators (`/`), or URL-encoded equivalents, could be provided, it might lead to path traversal within the API endpoint, potentially hitting unintended API resources or causing errors. Given the typical constraints on Jira issue keys, the practical exploitability for arbitrary command execution is low, but it represents a lack of strict input validation for URL path components. Recommendation: Validate `$issue_key` to ensure it conforms to expected Jira issue key patterns (e.g., `[A-Z]+-[0-9]+`) and does not contain path separators or other malicious characters before interpolating it into the URL path. | LLM | scripts/jira.sh:215 |