ClawHub

Jenkins

v1.0.0

Interact with Jenkins CI/CD server via REST API. Use when you need to trigger builds, check build status, view console output, manage jobs, or monitor Jenkin...

1· 1.4k·13 current·14 all-time
byKen Chen@guoway
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and scripts/jenkins.mjs implement a Jenkins REST client (listing jobs, triggering builds, viewing console, etc.), which is coherent with the skill name and description. However, the registry metadata claims no required env vars or primary credential while the SKILL.md and script require JENKINS_URL, JENKINS_USER, and JENKINS_API_TOKEN — this metadata omission is inconsistent and should be corrected.
Instruction Scope
The runtime instructions and the included script confine actions to interacting with the configured JENKINS_URL via REST API. The instructions do not read unrelated files or credentials beyond the three Jenkins environment variables, nor do they exfiltrate data to unexpected endpoints. API responses are returned as JSON.
Install Mechanism
There is no install script or remote download; the skill is instruction-only with a bundled scripts/jenkins.mjs file. The JavaScript is plain and not obfuscated; it does not fetch or execute additional code from external URLs during install.
!
Credentials
The script legitimately requires JENKINS_URL, JENKINS_USER, and JENKINS_API_TOKEN to operate, which is proportionate to the stated purpose. The concern is that the registry-level fields (required env vars and primary credential) are not populated, so the skill as published does not advertise that it needs credentials. This mismatch can cause surprise or misconfiguration. Also the skill does not mark JENKINS_API_TOKEN as the primary credential — metadata should reflect that.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false). It does not modify other skills or system settings and only runs the provided script when invoked.
What to consider before installing
This skill appears to be a straightforward Jenkins REST client, but the registry metadata omits the environment variables and primary credential that the included script actually requires. Before installing, verify the skill's source (homepage/repository) and author since no homepage is provided. If you proceed: provide a Jenkins account/token with least privilege needed (prefer a service user and scoped token), ensure JENKINS_URL points to your trusted Jenkins instance, and consider running the script in an isolated environment first. Ask the publisher to update the metadata to declare JENKINS_URL, JENKINS_USER, and JENKINS_API_TOKEN (and mark the API token as the primary credential) so the requirements are explicit.

Like a lobster shell, security has layers — review code before you run it.

latestvk970312h36v5wxxvw1s5ega2mn81gnk8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments