atlassian-mcp

SUSPICIOUS. The skill’s purpose is plausible, but its install and data path are misaligned with the official Atlassian MCP offering. Using a non-Atlassian npm package to broker Atlassian credentials and workspace data creates medium-high supply-chain and credential-forwarding risk, even without proof of malicious behavior.