← 返回 Skills 市场
clairproqc-star

Jira Task Manager

作者 clairproqc-star · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
124
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install jira-task-manager
功能描述
Jira automation for JiraATX (project DS). Create, update, comment, transition issues, list To Do tasks, sync repo, execute tasks end-to-end. Triggers: DS-XXX...
使用说明 (SKILL.md)

Jira Task Manager Skill

This skill automates common Jira operations.

Resource Locations

  • Jira Configuration: Refer to references/jira.md for Jira URL, credentials, and Google Drive folder ID.
  • Scripts: All automation logic resides in scripts/.

Standard Workflows

1. List To Do Issues

scripts/get_my_todo_issues.py — Returns issues assigned to [email protected] in project DS with status "To Do".

2. Get Issue Details

scripts/get_issue_description.py \x3CISSUE_KEY> — Returns summary and full description.

3. Create Issue

scripts/create_issue.py — Requires: Project Key, Issue Type, Summary. Optional: description template from Google Drive, Priority, Assignee.

4. Update Issue

scripts/update_issue.py — Requires: Issue Key, field, new value. Uses transition IDs for status changes.

5. Add Comment

scripts/add_comment.py — Requires: Issue Key, comment text. Optional: attachment from Google Drive.

6. Get Issue Info

scripts/get_issue_info.py \x3CISSUE_KEY> — Returns current status, assignee, and metadata.

7. Prepare Repo

scripts/sync_repo.py \x3CISSUE_KEY> — Finds repo via references/repos.json, fetches remote, checks out or creates feature/\x3CISSUE_KEY> branch. Reports repo_path and branch. Optional: --branch \x3Cname> to force branch name.

8. Full Task Execution Flow (End-to-End)

Trigger: "work on DS-XXX", "fix DS-XXX", "pick up DS-XXX". Follow steps in order without asking unless blocked.

  1. get_issue_info.py → summarize task, acceptance criteria, subtasks.
  2. Confirm with user — wait for explicit approval before proceeding.
  3. sync_repo.py \x3CISSUE_KEY> → report repo_path and branch. All edits are relative to repo_path.
  4. Read relevant source files before making any changes.
  5. Implement changes. No per-edit confirmations unless scope is ambiguous.
  6. run_tests.py --issue \x3CISSUE_KEY> → fix failures, re-run until passing.
  7. Report: what changed, test results, branch. Stop and wait — do not merge, push, or transition status until user approves.

9. React/Zustand State Persistence Bugs

Trigger: Field reverts after navigation or re-entering a detail page.

  • Sync field updates back to the global store immediately after a successful mutation.
  • Keep per-entity overrides (keyed by entity id) and merge after re-fetch rather than caching the whole object.
  • Audit useMemo/useCallback/useEffect deps for stale closures. Use selector-based Zustand subscriptions for high-traffic components.
  • Apply the smallest safe fix — avoid broadening cache scope unnecessarily.

Important Notes

  • All Jira API interactions will be performed using the credentials stored in references/jira.md.
  • Repo-to-issue mapping and test commands are configured in references/repos.json.
  • For security, ensure JIRA_API_TOKEN is kept confidential.
安全使用建议
This skill appears to implement Jira and local-repo automation, but there are red flags you should consider before installing: - Hard-coded credentials: The package contains a plaintext JIRA_API_TOKEN and JIRA_EMAIL in references/jira.md and as default values inside many scripts. Do NOT assume those are safe or inert — they may be valid and could expose someone else's account or allow the skill to act without your consent. Ask the publisher to remove embedded secrets and rely only on environment-provided credentials. - Local filesystem and command execution: The scripts scan your workspace, run git commands, and execute repo test commands (subprocess.run). Only install/use this skill in an environment you trust. Prefer running it in an isolated development VM or container if you want to test. - Confirm intended behavior: The SKILL.md says it will wait for user approval before pushing/merging or transitioning issues, but the scripts can perform transitions and updates via the Jira API. Verify the agent's runtime prompts actually occur and that it will not perform irreversible operations without explicit consent. - Remove or rotate exposed credentials: If you control the Jira account referenced, rotate the API token immediately. If you do not, consider the embedded token evidence of sloppy packaging and avoid installing until it's removed. - Verify repository mappings: references/repos.json contains absolute /Users/a/... paths. Ensure these mappings won't point to sensitive paths on your machine, or update them before running. If you need a safer alternative, ask the publisher to produce a version with no embedded secrets, relative repo-paths or a configurable workspace, and explicit checks that require interactive approval before any write/transition operations.
功能分析
Type: OpenClaw Skill Name: jira-task-manager Version: 1.0.0 The skill bundle contains hardcoded sensitive credentials, specifically a Jira API token (ATATT...) and email address, across multiple files including 'references/jira.md' and nearly every script in the 'scripts/' directory. Furthermore, 'scripts/run_tests.py' and 'scripts/find_repo.py' use 'subprocess.run' to execute commands defined in 'references/repos.json' or discovered on the filesystem, which presents a risk of arbitrary code execution if configuration files are tampered with. While these behaviors appear to support the stated automation purpose, the blatant exposure of secrets and the high-risk execution patterns are significant security flaws.
能力评估
Purpose & Capability
Name/description, required env vars (JIRA_API_TOKEN, JIRA_EMAIL), and provided scripts all target Jira and local repo automation — broadly coherent. However, the package also embeds a Jira API token and email in references/jira.md and as defaults inside multiple scripts, which contradicts the declared requirement to provide credentials via environment variables.
Instruction Scope
SKILL.md and scripts instruct the agent to read local source files, scan the user's workspace, run git commands, and execute repo test commands. These actions are consistent with end-to-end development flows but allow filesystem enumeration and arbitrary command execution (via subprocess.run) in the user's repos. The workflow claims to wait for user approval before pushing/transitions, but the scripts are capable of making status transitions and updates with the supplied credentials.
Install Mechanism
Instruction-only (no installer). Scripts rely on typical system tools (python, git, npm, pytest) and the jira Python package. No external downloads or archive extraction present in the install spec.
Credentials
Declared env vars are appropriate for Jira integration. However, the repository contains a plaintext JIRA_API_TOKEN and JIRA_EMAIL in references/jira.md and many scripts provide that token as a default fallback. Embedding a usable API token in shipped files is disproportionate and risky — it may inadvertently expose or reuse another account's credentials.
Persistence & Privilege
always is false, the skill is user-invocable and may be autonomously invoked (platform default). The skill does not request system-wide configuration changes or permanent agent privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install jira-task-manager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /jira-task-manager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Jira Task Manager Skill v1.0.0 - Automates common Jira operations: create, update, comment on, transition, and list issues for project DS. - Supports end-to-end task workflows: from issue info gathering through code branch setup, implementation, and testing, with user-approved steps. - Includes scripts for syncing code repositories and integrating issue metadata with repo branches. - Implements troubleshooting for React/Zustand state persistence bugs, with specific practices outlined. - Requires JIRA_API_TOKEN and JIRA_EMAIL for operation; see documentation for full workflow and configuration details.
元数据
Slug jira-task-manager
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Jira Task Manager 是什么?

Jira automation for JiraATX (project DS). Create, update, comment, transition issues, list To Do tasks, sync repo, execute tasks end-to-end. Triggers: DS-XXX... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 124 次。

如何安装 Jira Task Manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install jira-task-manager」即可一键安装,无需额外配置。

Jira Task Manager 是免费的吗?

是的,Jira Task Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Jira Task Manager 支持哪些平台?

Jira Task Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Jira Task Manager?

由 clairproqc-star(@clairproqc-star)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论