zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-14 20:21:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(skills): keep curl credentials out of argv (#2175)

Browse Source 
* fix(skills): avoid curl credential argv leaks

* test(ci): guard secret curl examples
This commit is contained in:
Kumario
2026-06-07 00:25:45 -05:00
committed by GitHub
parent 40673a89fa
commit 70fde3c14f
5 changed files with 143 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/jira-integration/SKILL.md
+15 -6
View File
@@ -65,6 +65,15 @@ If MCP is not available, use the Jira REST API v3 directly via `curl` or a helpe
Store these in your shell environment, secrets manager, or an untracked local env file. Do not commit them to the repo.
For direct `curl` examples, keep credentials out of command-line arguments by passing the Jira user config on stdin:
```bash
jira_curl() {
printf 'user = "%s:%s"\n' "$JIRA_EMAIL" "$JIRA_API_TOKEN" |
curl -s -K - "$@"
}
```
## MCP Tools Reference
When the `mcp-atlassian` MCP server is configured, these tools are available:
@@ -88,7 +97,7 @@ When the `mcp-atlassian` MCP server is configured, these tools are available:
### Fetch a Ticket
```bash
curl -s -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
jira_curl \
-H "Content-Type: application/json" \
"$JIRA_URL/rest/api/3/issue/PROJ-1234" | jq '{
key: .key,
@@ -105,7 +114,7 @@ curl -s -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
### Fetch Comments
```bash
curl -s -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
jira_curl \
-H "Content-Type: application/json" \
"$JIRA_URL/rest/api/3/issue/PROJ-1234?fields=comment" | jq '.fields.comment.comments[] | {
author: .author.displayName,
@@ -117,7 +126,7 @@ curl -s -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
### Add a Comment
```bash
curl -s -X POST -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
jira_curl -X POST \
-H "Content-Type: application/json" \
-d '{
"body": {
@@ -136,11 +145,11 @@ curl -s -X POST -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
```bash
# 1. Get available transitions
curl -s -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
jira_curl \
"$JIRA_URL/rest/api/3/issue/PROJ-1234/transitions" | jq '.transitions[] | {id, name: .name}'
# 2. Execute transition (replace TRANSITION_ID)
curl -s -X POST -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
jira_curl -X POST \
-H "Content-Type: application/json" \
-d '{"transition": {"id": "TRANSITION_ID"}}' \
"$JIRA_URL/rest/api/3/issue/PROJ-1234/transitions"
@@ -149,7 +158,7 @@ curl -s -X POST -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
### Search with JQL
```bash
curl -s -G -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
jira_curl -G \
--data-urlencode "jql=project = PROJ AND status = 'In Progress'" \
"$JIRA_URL/rest/api/3/search"
```
skills/social-publisher/SKILL.md
+2 -1
View File
@@ -23,7 +23,8 @@ Connects Claude Code to [SocialClaw](https://getsocialclaw.com) for agent-driven
export SC_API_KEY="<workspace-key>"
# Verify access
curl -sS -H "Authorization: Bearer $SC_API_KEY" https://getsocialclaw.com/v1/keys/validate
printf 'header = "Authorization: Bearer %s"\n' "$SC_API_KEY" |
curl -sS -K - https://getsocialclaw.com/v1/keys/validate
# Install CLI (optional but recommended)
npm install -g socialclaw@0.1.12