jira-issue-manager

SUSPICIOUS. The skill’s Jira-management purpose mostly matches its capabilities, and the Nango/Jira cloudId flow is consistent with official documentation. However, it relies on a third-party proxy, delegates auth to another skill, and asks the agent to pass a high-value Nango secret to local scripts whose contents were not provided. This is not confirmed malware, but it carries meaningful credential-handling and trust-chain risk.