jira-issue-analyzer

Things to check before installing or running this skill: - Metadata vs code: The registry declares no required env vars, but the code and SKILL.md require JIRA_BASE_URL and JIRA_TOKEN. Treat this as a packaging oversight — confirm you are comfortable providing a Jira token before proceeding. - Token scope: Use a Jira personal access token with minimal scope/expiration appropriate for read-only issue/attachment access, not a full admin token. Do not reuse broad credentials. - Proxy behavior: The Jira client disables environment proxy settings (session.trust_env = False). If your organization relies on an HTTP(S) proxy for egress control or monitoring, this will bypass it. Ask the maintainer why this was set; remove or change it if you need proxy-based controls. - Hard-coded script: jira/unzip_attachment.py contains a hard-coded zip filename (c52056b2-..._app_log.zip) and will exit if that file is not present; it appears to be an example or leftover. Review and either remove or parameterize it before running to avoid unexpected behavior. - Inspect .env.example: Confirm what variables are required and that no extra secrets are requested. The code currently only reads JIRA_BASE_URL and JIRA_TOKEN but verify there are no hidden env dependencies. - Run in isolated environment: Create the venv as instructed and review the code locally before executing. Consider running network-active parts in an environment where you can monitor outbound requests (e.g., via a firewall or proxy you control). - Confirm report storage: Reports and attachments will be written to your project .cursor/work/jira and temporary /tmp/jira_<ISSUE_KEY> by default. Ensure you are comfortable with these locations and that sensitive attachments are handled according to your policy. If the publisher updates the registry to declare required env vars, documents why proxies are disabled, and removes or documents the hard-coded unzip example, my confidence that the package is coherent would increase.