dimos92

jira-issue-analyzer

by Dimos · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 115 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install jira-issue-analyzer
Description
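Jira issue analysis orchestrator. It fetches the issue and its attachments, delegates log analysis to a subagent, and writes the final Markdown report to a local directory. Intended for cases where the user asks for a Jira issue analysis document.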
README (SKILL.md)

Jira Issue Analyzer

Prerequisites

  1. Jira script directory (moved into the Skill; no longer in the project directory):
    • ~/.cursor/skills/jira-issue-analyzer/jira
  2. Initialize the virtual environment (required):
    • cd ~/.cursor/skills/jira-issue-analyzer/jira
    • python3 -m venv .venv
    • .venv/bin/python -m pip install -r requirements.txt
  3. Configuration:
    • cp .env.example .env
    • Fill in JIRA_BASE_URL and JIRA_TOKEN
  4. Connection test (must use the venv python):
    • .venv/bin/python main.py --test

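Standard workflow

1) Fetch the issue information

cd ~/.cursor/skills/jira-issue-analyzer/jira
.venv/bin/python main.py get <ISSUE_KEY_OR_URL> -f json

2) Download attachments

cd ~/.cursor/skills/jira-issue-analyzer/jira
.venv/bin/python main.py download <ISSUE_KEY_OR_URL> -d /tmp/jira_<ISSUE_KEY>

3) Extract archives and process them recursively

Extract archives when needed, as input for the subsequent analysis.

4) Delegate to the log-analysis subagent

Delegate log analysis and root-cause attribution directly to the personal subagent:

  • jira-log-analyst (definition file: ~/.cursor/agents/jira-log-analyst.md)

5) Output the standard report

Output following the structure of report-template.md.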

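6) Save the report to a local file

Save the report as a Markdown file in the project directory:

  • Directory: <project>/.cursor/work/jira/
  • Suggested file name: <ISSUE_KEY>_analysis.md

Example path:

  • /Users/zhangyu/FlutterProject/flutter_hiigge_app/.cursor/work/jira/PI2506-150_analysis.md

7) Clean up downloaded attachments

After the report has been generated and saved, delete the temporary attachment directory to avoid disk buildup:

  • For example, delete /tmp/jira_<ISSUE_KEY>
  • This must only be done after the report has been fully written to disk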

Quick command reference

# Fetch issue details
cd ~/.cursor/skills/jira-issue-analyzer/jira
.venv/bin/python main.py get HA-2560 -f json

# Download attachments
.venv/bin/python main.py download HA-2560 -d /tmp/jira_HA-2560
Usage Guidance
Things to check before installing or running this skill:
  • Metadata vs code: The registry declares no required env vars, but the code and SKILL.md require JIRA_BASE_URL and JIRA_TOKEN. Treat this as a packaging oversight — confirm you are comfortable providing a Jira token before proceeding.
  • Token scope: Use a Jira personal access token with minimal scope/expiration appropriate for read-only issue/attachment access, not a full admin token. Do not reuse broad credentials.
  • Proxy behavior: The Jira client disables environment proxy settings (session.trust_env = False). If your organization relies on an HTTP(S) proxy for egress control or monitoring, this will bypass it. Ask the maintainer why this was set; remove or change it if you need proxy-based controls.
  • Hard-coded script: jira/unzip_attachment.py contains a hard-coded zip filename (c52056b2-..._app_log.zip) and will exit if that file is not present; it appears to be an example or leftover. Review and either remove or parameterize it before running to avoid unexpected behavior.
  • Inspect .env.example: Confirm what variables are required and that no extra secrets are requested. The code currently only reads JIRA_BASE_URL and JIRA_TOKEN but verify there are no hidden env dependencies.
  • Run in isolated environment: Create the venv as instructed and review the code locally before executing. Consider running network-active parts in an environment where you can monitor outbound requests (e.g., via a firewall or proxy you control).
  • Confirm report storage: Reports and attachments will be written to your project .cursor/work/jira and temporary /tmp/jira_<ISSUE_KEY> by default. Ensure you are comfortable with these locations and that sensitive attachments are handled according to your policy.
If the publisher updates the registry to declare required env vars, documents why proxies are disabled, and removes or documents the hard-coded unzip example, my confidence that the package is coherent would increase.
Capability Analysis
Type: OpenClaw Skill
Name: jira-issue-analyzer
Version: 1.0.0
The skill bundle contains a path traversal vulnerability in `jira/jira_client.py` within the `download_attachment` method, as it joins a destination directory with an unsanitized filename provided by the Jira API. Additionally, the workflow in `SKILL.md` requires high-risk operations such as shell execution for environment setup and dependency installation. While the code appears to serve its stated purpose of Jira analysis, these risky capabilities and the lack of input sanitization meet the threshold for a suspicious classification under the provided criteria.
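The fix this finding calls for, as an added Python example (not the skill's code, which this page does not show): reduce the API-supplied name to its final component, then confirm the resolved path still sits inside the download directory. `naive_path`, `safe_attachment_path`, the sample names and `/tmp/jira_DEMO-1` are constructed for illustration.

```python
import os
from pathlib import PureWindowsPath

# Constructed attachment names, as a Jira server (or anyone able to attach a
# file to an issue) could return them. Not taken from the skill or a real instance.
SAMPLE_NAMES = ["app_log.zip", "../../.ssh/authorized_keys",
                "..\\..\\evil.txt", "/etc/cron.d/job", ".."]


def naive_path(dest_dir, filename):
    """Pattern named in the finding: join directory and API-supplied name as-is."""
    return os.path.join(dest_dir, filename)


def safe_attachment_path(dest_dir, filename):
    """Return a path for filename that resolves directly inside dest_dir.

    Raises ValueError if no usable name remains or the result would escape.
    """
    # Keep only the final component. PureWindowsPath splits on both '/' and
    # '\\' and drops drive prefixes, so Windows-style names are covered too.
    name = PureWindowsPath(filename).name.replace("\x00", "").strip()
    if name in ("", ".", ".."):
        raise ValueError(f"unusable attachment name: {filename!r}")
    base = os.path.realpath(dest_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # Defence in depth: a symlink already present in dest_dir must not
    # redirect the write outside it.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"attachment escapes {base!r}: {filename!r}")
    return candidate


if __name__ == "__main__":
    dest = "/tmp/jira_DEMO-1"  # hypothetical download directory
    for n in SAMPLE_NAMES:
        try:
            fixed = safe_attachment_path(dest, n)
        except ValueError as exc:
            fixed = f"rejected ({exc})"
        naive = os.path.normpath(naive_path(dest, n))
        print(f"{n!r}: naive={naive!r} safe={fixed!r}")
```

The same containment check applies to member names when extracting the downloaded archives in step 3 of the workflow.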
Capability Assessment
Purpose & Capability
The skill's name/description match the included Python code (jira_client, main) which fetches issues, downloads attachments, and produces reports. However, the registry metadata declares no required environment variables or primary credential, while the code and SKILL.md clearly require JIRA_BASE_URL and JIRA_TOKEN — a metadata mismatch that should be resolved.
Instruction Scope
SKILL.md stays within the stated purpose (create venv, install requirements, fill .env, run main.py to get/download issues, delegate to included jira-log-analyst). It references only local paths under ~/.cursor and the target project .cursor/work/jira for report output. It does not instruct exfiltration to external endpoints beyond the configured Jira server. Still, the instructions assume files live in ~/.cursor/skills and require a .env with secrets not declared in the registry.
Install Mechanism
No install spec — instruction-only with shipped Python scripts. requirements.txt only lists requests and python-dotenv, which is proportionate to the task. Nothing in the install surface pulls arbitrary remote archives or runs opaque installers.
Credentials
The code legitimately needs JIRA_BASE_URL and JIRA_TOKEN, but the skill metadata does not declare them. Additional concerns: jira_client sets session.trust_env = False which disables honoring HTTP(S)_PROXY environment variables — this will bypass system or enterprise proxy controls (monitoring/network egress rules) and may be unexpected. The code fetches personal fields (assignee/reporters' email addresses) and downloads attachments — all expected for the feature but they are sensitive and require that users trust the skill before providing credentials.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and does not modify other skills or system-wide configs. It will create a virtualenv under the skill directory and write report files into the user's project .cursor/work/jira directory per the instructions — this is expected behavior for a local report generator.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install jira-issue-analyzer
  3. After installation, invoke the skill by name or use /jira-issue-analyzer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of jira-issue-analyzer.
  • Provides tools to fetch Jira issue details and attachments.
  • Supports structured workflow for analyzing and generating Markdown reports locally.
  • Integrates subagent delegation for log analysis and problem attribution.
  • Standardizes report output and storage locations.
  • Includes detailed setup and command references for quick start.
Metadata
Slug jira-issue-analyzer
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is jira-issue-analyzer?

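Jira issue analysis orchestrator. It fetches the issue and its attachments, delegates log analysis to a subagent, and writes the final Markdown report to a local directory. Intended for cases where the user asks for a Jira issue analysis document. It is an AI Agent Skill for Claude Code / OpenClaw, with 115 downloads so far.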

How do I install jira-issue-analyzer?

Run "/install jira-issue-analyzer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is jira-issue-analyzer free?

Yes, jira-issue-analyzer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does jira-issue-analyzer support?

jira-issue-analyzer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created jira-issue-analyzer?

It is built and maintained by Dimos (@dimos92); the current version is v1.0.0.
