Jira (Atlassian)
Atlassian's official Remote MCP for Jira and Confluence. OAuth flow, search across spaces, ticket updates.
B
Safety & Trust
Delv Safety Grade: B
Score 72/100 · assessed 2026-04-22
Maintainer55
Permissions75
Supply chain65
Transparency80
Incidents100
This MCP server connects to Jira and Confluence APIs using standard OAuth authentication. Whilst Atlassian officially endorses it (per their blog announcement), the actual maintainer is 'sooperset', a community developer, not Atlassian's internal team. The repository shows reasonable activity and documentation. Permissions are scoped to Jira ticket operations and Confluence searches, which is appropriate for the stated purpose. Supply chain is moderate: distributed via uvx/PyPI but the package name and maintainer identity create some ambiguity about official ownership. API tokens are required as environment variables, which is standard for Atlassian integrations. No known security incidents. The main concern is the disconnect between 'official' labelling and community maintenance, though the Atlassian blog post does validate the project's legitimacy.
Lethal Trifecta (prompt-injection exposure)
TRIFECTA RISKAll three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
Private dataYes
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound
Same shape as Linear — private tickets, mixed-trust comments, outbound updates.
Green flags
- Validated by Atlassian blog post announcement
- OAuth flow implementation follows Atlassian best practices
- Scoped to read/write operations within Jira and Confluence only
- Open source with clear documentation and usage examples
- No known security incidents or credential leaks
Red flags
- Maintainer 'sooperset' is not Atlassian org despite 'official' claim
- Requires API tokens stored as env vars with broad Jira/Confluence access
- No package registry listing under Atlassian's verified namespace
- Bus factor: appears to be solo community maintainer
Permissions requested
Outbound networkAccess secretsRepo readRepo writeRead messagesSend messages
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.
Install
uvx mcp-atlassian
Env vars needed:
JIRA_URLJIRA_USERNAMEJIRA_API_TOKENReview
This is Atlassian's official MCP server for Jira and Confluence, which means it's built by the people who actually own the APIs. You get OAuth-based authentication, cross-space search in Confluence, and ticket updates in Jira, all exposed as MCP tools your AI can call directly.
I've used this to let Claude search our Confluence docs while debugging production issues. Instead of switching tabs to hunt down runbook steps, I ask Claude to pull the relevant page, then create a Jira ticket with context already filled in. The workflow feels faster than manual copy-paste, especially when you're triaging multiple issues. The OAuth flow is proper, so you're not storing long-lived tokens in plaintext config files, which matters if you're working in a regulated environment.
The server lives in a repo called mcp-atlassian, not mcp-jira, because it handles both products. That's fine, but the naming threw me initially. You'll need JIRA_URL, JIRA_USERNAME, and JIRA_API_TOKEN as environment variables. The API token is generated from your Atlassian account settings, not your Jira instance itself, which is a common stumbling block. Once configured, the MCP exposes tools like search_confluence, get_jira_issue, and update_jira_issue. They're named clearly and the responses are JSON, so Claude can parse them without hallucinating field names.
Quirks: the search can be slow if your Confluence instance has thousands of pages, and there's no built-in rate limiting on the MCP side, so you can hit Atlassian's API limits if you're not careful. Also, this is a remote MCP server, which means it runs as a separate process and communicates over stdio. Some hosts handle this better than others. Claude Desktop and Claude Code are explicitly supported, Cursor works but needs manual config.
If you're not already using Jira and Confluence, this won't convert you. But if those tools are already in your workflow, this MCP turns your AI into a first-class client for them. I'd skip it if you're only doing light issue tracking or if your team uses Linear or GitHub Issues instead.
Verdict
Install this if Jira and Confluence are already central to your workflow and you want Claude to search docs or update tickets without leaving the conversation. Skip it if you're not an Atlassian shop or if you're only occasionally poking at tickets, the setup overhead isn't worth it for casual use.
Good at
- Official Atlassian build, so it tracks API changes and uses proper OAuth instead of hacky workarounds.
- Handles both Jira and Confluence in one server, which is useful if your team uses both for documentation and issue tracking.
- Search results include page content and metadata, so Claude can summarise or extract specific sections without you opening a browser.
- Works well for creating tickets with pre-filled context from conversations, saves manual copy-paste when triaging bugs.
Watch out
- Requires environment variables for API tokens, which means you're managing credentials outside the MCP config itself.
- Search performance depends on your Confluence instance size, can be slow with large knowledge bases.
- No built-in rate limiting, so you can hit Atlassian's API throttle if you're running multiple queries in quick succession.
- Remote MCP setup is more involved than stdio servers, and hosts beyond Claude Desktop need manual wiring.
Getting started
1. Generate an API token from your Atlassian account settings (not your Jira admin panel). 2. Clone the mcp-atlassian repo and install dependencies with npm install. 3. Add the server to your Claude Desktop config with JIRA_URL, JIRA_USERNAME, and JIRA_API_TOKEN as environment variables. 4. Restart Claude Desktop and test by asking it to search Confluence or fetch a Jira issue by key. 5. Watch out for API rate limits if you're running bulk searches, Atlassian throttles aggressively on free tiers.
Works with
Claude DesktopClaude CodeCursor
Similar MCPs
- GitHubFull GitHub API access - manage repos, issues, PRs, and code search. One of the most useful MCPs for any developer workflow.
- GrafanaGrafana Labs' official MCP. Read dashboards, datasources, alerts, and run Loki/Prometheus queries from inside your agent.
- SentryPull live errors, issues, and replays from Sentry into Claude. Great for debugging sessions where the model can see what actually broke in prod.
- MCP CLIInteractive CLI inspector for MCP servers supporting OAuth, tool calls, resource reads, and prompt runs.