Package Metadata

Author: Eunsan Jo
Email: —
PyPI: atlassian-skills
Python: >=3.10
Versions: 14 releases
First release: 14 Apr 2026, 00:39 UTC
Analysed: 07 Jun 2026, 18:47 UTC
Source files: 62 .py files scanned

Project Links

Classifiers

Development Status :: 3 - AlphaIntended Audience :: DevelopersOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3 :: OnlyProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Software Development :: Libraries

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to potential shell injection and direct keyring interaction for credentials. These issues elevate the overall threat level despite other indicators being low.

High shell risk due to 'shell=True'
High credential risk from direct keyring access

Per-check LLM notes

Network: The network calls appear to be standard requests to a known service (PYPI), which is likely legitimate.
Shell: Executing commands with 'shell=True' can pose a security risk if not properly sanitized, suggesting potential for command injection attacks.
Obfuscation: The use of base64 decoding for 'Authorization' headers might indicate an attempt to decode credentials, but could also be part of normal authentication handling.
Credentials: Direct interaction with the keyring to retrieve passwords is a high risk indicator for potential credential harvesting.
Metadata: The maintainer has only one package, indicating a potentially new or less active account.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 26 test file(s) found

Test runner config found: conftest.py
Test runner config found: conftest.py
Test runner config found: conftest.py
26 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

Detailed PyPI description (23788 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Classifier: Typing :: Typed
Type checker (mypy / pyright / pytype) referenced in project
526 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

3 unique contributor(s) across 39 commits in eunsanMountain/atlassian-skills
Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

" try: response = httpx.get(PYPI_URL, timeout=timeout, headers={"Accept": "application/j
etries self._client = httpx.Client(timeout=timeout, verify=verify) # ---------------------

⚠ Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

red.to_header() raw = base64.b64decode(header["Authorization"].replace("Basic ", "")) asser
red.to_header() raw = base64.b64decode(header["Authorization"].removeprefix("Basic ")) asse

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

e: str) -> None: result = subprocess.run( command, text=True, encoding="utf-8
w binary knows). result = subprocess.run( [atls, "setup", "--skills-only"], text=True
try: result = subprocess.run( command, shell=True,
command, shell=True, capture_output=True, text=
_once_with("echo test-token", shell=True, capture_output=True, text=True, timeout=5) assert
ce_with("echo jira-specific", shell=True, capture_output=True, text=True, timeout=5) assert

⚠ Credential Harvesting score 5.0

Found 2 credential access pattern(s)

m_provider`, which calls `keyring.get_password(f"atls-{profile_name}", f"{product}_token")`. """ im
try: return keyring.get_password(f"atls-{profile_name}", f"{product}_token") except E

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository eunsanMountain/atlassian-skills appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Eunsan Jo" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with atlassian-skills

Create a mini-application named 'AtlassianAssistant' that leverages the 'atlassian-skills' Python package to provide an efficient command-line interface (CLI) for managing tasks across Atlassian products such as Jira, Confluence, Bitbucket, and Bamboo. This tool aims to streamline daily workflows for developers and project managers by allowing them to perform common operations directly from their terminal without needing to navigate through multiple web interfaces.

### Core Features:
1. **User Authentication**: Implement user authentication to securely connect to Atlassian servers using OAuth2 tokens provided by the 'atlassian-skills' package.
2. **Task Management in Jira**:
   - List all open tickets assigned to the user.
   - Create new Jira issues with customizable fields like title, description, priority, etc.
3. **Document Collaboration in Confluence**:
   - Search for pages containing specific keywords.
   - Create new pages with pre-filled content.
4. **Repository Operations in Bitbucket**:
   - Pull the latest code from a specified branch.
   - Push local changes to a remote repository.
5. **Build Management in Bamboo**:
   - Trigger a new build plan.
   - View the status of recent builds.
6. **Command History**: Maintain a history of commands executed via the CLI for easy reference and auditing purposes.

### Utilization of 'atlassian-skills':
- Use the 'atlassian-skills' package to handle all interactions with Atlassian APIs, ensuring token efficiency and secure data handling.
- Leverage the CLI capabilities provided by 'atlassian-skills' to create a seamless user experience.
- Integrate the 'claude code skill' feature of 'atlassian-skills' to enhance the functionality of the app by providing intelligent suggestions or automated actions based on user inputs.

### Development Steps:
1. Set up a virtual environment and install the 'atlassian-skills' package.
2. Design the CLI interface with clear commands and options for each Atlassian product interaction.
3. Implement user authentication logic using OAuth2 tokens from 'atlassian-skills'.
4. Develop functions for each core feature listed above, utilizing the appropriate methods provided by 'atlassian-skills'.
5. Test the application thoroughly to ensure all functionalities work as expected and securely handle sensitive information.
6. Document the setup process and usage instructions for end-users.
7. Deploy the application as a standalone executable or containerized service for easy distribution.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (6.2/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue