Low Risk — Risk Score 10/100
Last scan: 19 hr ago
jira-api
Jira Cloud REST API v3 automation — complements jira-cli for edit/delete worklogs, advanced JQL, bulk inspection, and raw REST calls
A clean, dependency-free Jira Cloud REST API wrapper for worklog and sprint management with legitimate netrc-based auth and no malicious indicators.
Skill Name: jira-api
Duration: 40.2s
Engine: pi
Safe to install
Approve for use. Consider documenting the required network:READ/WRITE and filesystem:READ capability in SKILL.md's allowed-tools section for completeness.

Findings: 1 item

Severity: Low
Finding: SKILL.md missing allowed-tools declaration (Doc Mismatch)
Location: SKILL.md:1
SKILL.md has no allowed-tools section despite the script requiring filesystem:READ (config and netrc) and network:READ/WRITE (Jira API calls). While the code is benign, the missing declaration creates an incomplete capability contract.
Evidence: No allowed-tools declared
→ Add an allowed-tools section listing filesystem:READ and network:READ/WRITE to align documentation with actual resource usage.
Resource    Declared  Inferred  Status     Evidence
Filesystem  NONE      READ      ✓ Aligned  scripts/jira_api.py:94 — reads ~/.config/.jira/.config.yml; line 99 — reads ~/.n…
Network     NONE      WRITE     ✓ Aligned  scripts/jira_api.py:115 — _http() uses urllib to POST/PUT/DELETE to Jira API
Network     NONE      READ      ✓ Aligned  scripts/jira_api.py:115 — _http() uses urllib to GET Jira API endpoints

File Tree

5 files · 30.4 KB · 896 lines
Python: 1 file, 719 lines · Markdown: 4 files, 177 lines
├─ 📁 references
│ ├─ 📝 agile-sprints.md Markdown 20L · 866 B
│ ├─ 📝 endpoint-map.md Markdown 34L · 1.2 KB
│ └─ 📝 jira-rest-notes.md Markdown 46L · 1.1 KB
├─ 📁 scripts
│ └─ 🐍 jira_api.py Python 719L · 24.3 KB
└─ 📝 SKILL.md Markdown 77L · 2.9 KB

Security Positives

✓ Zero external dependencies — uses only Python stdlib (urllib, netrc, argparse, json, base64)
✓ No obfuscation — base64 is used only for Basic auth header construction, a standard and documented pattern
✓ No credential exfiltration — API token is read from ~/.netrc and used only for Jira API auth; never printed or transmitted externally
✓ No sensitive path access beyond the documented netrc and config paths
✓ No subprocess, shell execution, or dynamic code evaluation
✓ No network IOCs — all HTTP requests target the configured Jira server from ~/.config/.jira/.config.yml
✓ Code is well-structured and self-documenting: 719 lines of clear, readable Python
✓ Reference documentation accurately describes endpoints and ADF format
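The following is an added example, not the jira-api skill's own code. It reproduces the stdlib-only pattern the positives above describe (server taken from a config file, credentials from netrc, a base64 Basic header, a urllib Request) and adds the two checks a reviewer of such a wrapper would want to confirm before signing off on "no credential exfiltration" and "no network IOCs": that the Authorization header can only be attached to an HTTPS request for the configured Jira host, and that the token never appears in anything the wrapper would log. The config key name server:, the sample host, login and token, and the temporary file paths are assumptions constructed for this example; the real skill reads ~/.config/.jira/.config.yml and ~/.netrc.

```python
import base64
import netrc
import os
import tempfile
from urllib.parse import urlparse
from urllib.request import Request

# Constructed sample files (assumptions for this example). The real skill reads
# ~/.config/.jira/.config.yml and ~/.netrc; the "server:" key name, host,
# login and token below are invented.
SAMPLE_CONFIG = "server: https://example.atlassian.net\n"
SAMPLE_NETRC = ("machine example.atlassian.net "
                "login dev@example.com password tok-123\n")


def load_server(config_text):
    """Pull the single 'server:' key out of the config without a YAML library."""
    for line in config_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "server":
            return value.strip()
    raise ValueError("config has no server: entry")


def basic_auth_header(netrc_path, host):
    """netrc lookup for the Jira host, then the documented Basic header.
    base64 here is encoding, not obfuscation: the token is recoverable by
    design, so the header is exactly as sensitive as the token itself."""
    creds = netrc.netrc(netrc_path).authenticators(host)
    if creds is None:
        raise KeyError(f"no netrc entry for {host}")
    login, _, token = creds
    return "Basic " + base64.b64encode(f"{login}:{token}".encode()).decode()


def build_request(server, netrc_path, target, method="GET", body=None):
    """Build a urllib Request from a path or an absolute URL, refusing anything
    that would send the credential to another host or over plain http."""
    host = urlparse(server).hostname
    if target.startswith(("http://", "https://")):
        url = target                       # raw REST call with a full URL
    else:
        url = server.rstrip("/") + "/" + target.lstrip("/")
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname != host:
        raise ValueError(f"refusing request outside {server}: {url}")
    req = Request(url, data=body, method=method)
    req.add_header("Authorization", basic_auth_header(netrc_path, host))
    req.add_header("Accept", "application/json")
    return req


def redacted_headers(req):
    """What may safely be logged: every header except the credential."""
    return {k: ("Basic ***" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


def demo():
    """Write the constructed files to a temp dir and exercise both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        netrc_path = os.path.join(tmp, "netrc")
        with open(netrc_path, "w") as fh:
            fh.write(SAMPLE_NETRC)
        os.chmod(netrc_path, 0o600)        # netrc convention: owner-only
        server = load_server(SAMPLE_CONFIG)
        req = build_request(server, netrc_path,
                            "/rest/api/3/issue/PROJ-1/worklog")
        try:
            build_request(server, netrc_path, "https://evil.example/steal")
            offhost_blocked = False
        except ValueError:
            offhost_blocked = True
        return {
            "url": req.full_url,
            "auth": req.get_header("Authorization"),
            "logged": redacted_headers(req),
            "offhost_blocked": offhost_blocked,
        }


if __name__ == "__main__":
    print(demo()["logged"])
```

One caveat worth knowing when reviewing netrc-based tools: Python's netrc module applies its owner-and-permissions check only to the default ~/.netrc, not to a file passed by explicit path, so a wrapper that reads a custom netrc location should enforce 0600 itself if it wants the same guarantee.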