jira-automation

SUSPICIOUS. The skill's Jira purpose is plausible, but its actual data flow is through a third-party MCP/gateway (Rube/Composio) instead of official Atlassian endpoints, and it enables broad write-capable Jira actions. This is not confirmed malware, but it is a medium-high risk integration because organizational data and OAuth-backed operations are mediated by an external service with broad scope.