Is jira safe?

https://clawhub.ai/jdrhyne/jira

68
CAUTION

This skill is essentially empty — it contains no SKILL.md, no source code, and no package.json, only a lock.json that references a different skill name ('academic-research-hub' vs slug 'jira'). The install process timed out, suggesting blocked remote resource fetches, and filesystem monitoring detected access to sensitive files (.aws/credentials, .env, auth-profiles.json) during the install. While no data exfiltration was observed (no outbound network activity), the combination of an empty/misleading skill that triggers sensitive file reads is concerning.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 40/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 60/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 55/100 · 5%

Findings (6)

HIGH Sensitive file access during install -35

The install process accessed .env, .aws/credentials, and auth-profiles.json. While no outbound network activity was detected (meaning data did not leave the host), these reads occurred during a skill install that ultimately failed with a timeout. The access to AWS credentials is particularly concerning.

MEDIUM Skill name mismatch: slug 'jira' but lock references 'academic-research-hub' -20

The .clawhub/lock.json references a skill named 'academic-research-hub' but the skill slug is 'jira'. This mismatch suggests the repository may have been repurposed, is a placeholder, or is intentionally misleading about its purpose.

MEDIUM Empty skill with no SKILL.md or functional content -25

The skill contains no SKILL.md, no package.json, no source code — only a lock.json metadata file. This means the skill provides zero functionality but still triggers the full install pipeline including sensitive file reads. An empty skill that exists solely to be installed could serve as a reconnaissance vector.

MEDIUM Install timeout suggests blocked remote resource fetch -25

The install process failed with a timeout error. In a sandboxed environment with firewall restrictions, this pattern often indicates the skill or its dependencies attempted to reach an external resource that was blocked. The timeout rather than immediate failure suggests a network connection attempt.

LOW Temp file creation in /tmp during install -15

Multiple files were created in /tmp/jiti/ and /tmp/openclaw-1000/ during the install process. These appear to be runtime artifacts from the openclaw framework's jiti transpiler and gateway lock mechanism, not from the skill itself.

INFO No SKILL.md prevents prompt injection assessment -10

The empty SKILL.md means there are no prompt injection vectors in the skill content. However, it also means the skill's intended agent instructions cannot be evaluated. If this skill were to later add a SKILL.md (e.g., via update), it could introduce injection vectors without re-audit.