← 返回 Skills 市场

Jenkins Executor Skill

Name: Jenkins Executor Skill
Author: jack084015

作者 jack084015 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

190

总下载

当前安装

版本数

在 OpenClaw 中安装

/install jenkins-executor-job

功能描述

Jenkins 任务全生命周期管理工具，支持任务列表获取、远程构建、构建状态实时查询、构建日志全文获取、运行中构建强制终止，适用于 CI/CD 自动化、发布流水线、运维自动化场景。

使用说明 (SKILL.md)

\r \r

Jenkins Executor Skill\r

功能完整、可直接对接 Jenkins API 进行任务管理\r

依赖：Python 3.x + requests 库\r

必须配置：JENKINS_URL、JENKINS_USER、JENKINS_TOKEN\r

核心功能\r

获取 Jenkins 任务列表\r
- 列出所有任务名称、URL、是否可构建、当前状态\r
- 支持分页与全量拉取\r \r
触发 Jenkins 任务构建\r
- 支持参数化构建\r
- 支持无参任务直接触发\r
- 返回构建队列编号与构建URL\r \r
查询任务最新构建状态\r
- 支持查询：构建号、状态、结果、执行时间、执行人\r
- 支持 SUCCESS / FAILURE / ABORTED / BUILDING 状态\r \r
获取构建日志\r
- 支持获取完整控制台日志\r
- 支持增量日志与全文日志\r
- 自动处理编码与换行格式\r \r
停止运行中的构建\r
- 强制终止正在执行的构建\r
- 支持根据任务名 + 构建号精确停止\r
- 返回停止结果与状态变更\r \r

配置要求\r

在环境变量中配置以下信息：\r

JENKINS_URL：Jenkins 地址（例如 http://192.168.1.100:8080）\r
JENKINS_USER：Jenkins 登录用户名\r
JENKINS_TOKEN：Jenkins 用户 Token（密码也可，但不推荐）\r \r

接口说明\r

所有功能通过 Jenkins REST API 实现，使用 HTTP Basic Auth 鉴权，支持 Jenkins 2.250+ 所有版本。\r \r

异常处理\r

网络不可达：返回连接失败提示\r
鉴权失败：返回 401 未授权\r
任务不存在：返回 404 任务不存在\r
构建已结束：无法停止，返回状态提示

安全使用建议

What to consider before installing: - Do not assume credentials are read from environment variables: this skill's code reads credentials from a local config.json (base_url, username, api_token), while the SKILL.md tells you to set JENKINS_URL/JENKINS_USER/JENKINS_TOKEN. Ask the publisher which config method is authoritative and confirm where credentials will be stored. - Avoid placing real Jenkins credentials into the skill package. If the skill requires config.json, do not commit credentials into the package; instead store the file securely on the host with strict permissions or modify the code to read env vars. - Use a least-privilege Jenkins account (service account / token) when granting access. Prefer tokens with limited scopes and separate accounts per integration. - The requirements pull jenkinsapi from PyPI (expected). Verify that your deployment environment installs dependencies from trusted registries and that you are comfortable installing those packages. - Because the publisher/source is unknown, review or run the code in an isolated environment first. If you want the documented env-var behavior, consider modifying the skill to read environment variables (or request the maintainer to fix SKILL.md to match the implementation). If you cannot confirm or fix the config mismatch, treat this skill as risky for production use due to potential accidental credential exposure or misconfiguration.

功能分析

Type: OpenClaw Skill Name: jenkins-executor-job Version: 1.0.0 The skill provides a functional interface for Jenkins CI/CD management using the 'jenkinsapi' library. It is classified as suspicious due to a security vulnerability in its credential handling: the '__init__.py' script requires sensitive credentials (username and API token) to be stored in a local 'config.json' file, which is a poor security practice compared to the environment variables suggested in 'SKILL.md'. While the code logic aligns with the stated purpose of managing Jenkins jobs, the combination of high-privilege access (triggering builds, reading logs) and insecure secret storage poses a significant risk of credential exposure.

能力评估

⚠ Purpose & Capability

The code and requirements align with a Jenkins management tool (uses jenkinsapi, exposes job/list/trigger/status/log/stop). However, SKILL.md instructs the user to provide JENKINS_URL/JENKINS_USER/JENKINS_TOKEN via environment variables, while the actual implementation reads credentials from a local config.json file. requirements.txt includes python-dotenv (suggesting env var support) but the code does not use it. This mismatch is incoherent and could cause incorrect deployment or inadvertent credential storage.

⚠ Instruction Scope

SKILL.md tells the agent to use environment variables and Basic Auth against Jenkins — which is appropriate — but the runtime instructions are inconsistent with the shipped code: the code ignores environment variables and instead reads config.json inside the skill. The skill's instructions do not mention config.json, so an operator following the docs may think credentials are safe in env vars while the skill will instead attempt to read (and possibly require writing) a local config file.

ℹ Install Mechanism

This is an instruction-only skill with a requirements.txt listing openclaw-sdk, jenkinsapi, and python-dotenv. There is no install spec in the package, but installing requirements from PyPI is a likely step; pulling jenkinsapi from PyPI is expected for this functionality (moderate risk). No downloads from arbitrary URLs or extract operations are present.

⚠ Credentials

Registry metadata declares no required env vars, yet SKILL.md requests JENKINS_URL/JENKINS_USER/JENKINS_TOKEN. The code instead expects credentials in config.json (base_url/username/api_token). This mismatch increases the risk that credentials will be stored in the skill directory (config.json) or otherwise handled in an unexpected way. The requested permissions (network access) are appropriate for Jenkins interaction.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills or global settings. It reads a local config.json bundled with the skill and does not appear to persist additional system-wide changes. No elevated persistent privileges are requested.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install jenkins-executor-job
安装完成后，直接呼叫该 Skill 的名称或使用 /jenkins-executor-job 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of Jenkins Executor Skill: - Provides full lifecycle management of Jenkins jobs, including listing jobs, triggering builds (with or without parameters), querying build status, fetching logs, and stopping running builds. - Integrates directly with Jenkins REST API using HTTP Basic Auth. - Supports job listing with pagination, parameterized and non-parameterized build triggers, real-time status checking, complete/incremental log retrieval, and precise build termination. - Requires configuration of Jenkins URL, user, and token via environment variables. - Includes comprehensive error handling for network issues, authentication failures, job not found, and stopped/finished builds.

元数据

Slug jenkins-executor-job

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题