ClawHub

Jenkins Build

v1.0.0

自动化触发 Jenkins 构建任务,支持师傅端和用户端项目打包。

0· 165·0 current·0 all-time
by@chengzongxin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the implementation: browser automation to click Jenkins 'Build Now' or fallback to API. However the included project mappings use hard-coded local paths (/Users/chengzongxin/...) and the config embeds Jenkins credentials (admin/admin), which makes the package specific to one developer's environment rather than general-purpose.
Instruction Scope
SKILL.md instructs the agent to open Jenkins pages and click the '立即构建/Build Now' button via a browser tool, or use the Jenkins API (not implemented). Instructions do not attempt to read unrelated system files or exfiltrate data. They do implicitly rely on a 'browser' automation tool and an existing logged-in session.
Install Mechanism
No install spec or external downloads; the skill is instruction-first with a small helper script. Nothing is written to disk by an install step beyond the included files.
Credentials
The skill does not request environment variables or external credentials, which is proportionate. However config.md contains explicit credentials (admin/admin) and local job paths; embedding default credentials in the shipped config is a security and operational concern and not justified by the skill's description.
Persistence & Privilege
No elevated persistence (always: false). The skill can be invoked by the agent normally; it does not request or modify other skills or system-wide configuration.
Assessment
This package appears to do what it says: open Jenkins pages or call the API to trigger builds. Before installing/using it: 1) Review and remove the hard-coded credentials (config.md lists admin/admin) — do not use default creds in production. 2) Update the project mapping (paths/job names) to match your environment; the shipped mappings are author-specific. 3) Be aware the skill assumes a browser automation tool and an active logged-in Jenkins session; ensure you trust the automation tool and its permissions. 4) If you plan to use the API path, implement safe credential handling (use platform secrets) and CSRF crumb handling instead of embedding passwords. 5) Limit who can invoke the skill (or require confirmation) to avoid accidental/unauthorized build triggers.

Like a lobster shell, security has layers — review code before you run it.

latestvk97akdjkrfrrngyg7sh4mh5q1n83ksjz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔨 Clawdis

Comments