mrliugangqiang

Java Maven Common

by 刘岗强 · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 85 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install java-maven-common
Description
Common input handling for Java Maven project review workflows. Use when a Java Maven project arrives as a ZIP archive or a GitLab repository URL and you need...
README (SKILL.md)

Java Maven Common

Use this skill as the shared input layer for Java Maven review work.

Purpose

This skill handles the common project-ingest steps used by other Java Maven skills:

  • ZIP unpack
  • GitLab clone after SSH authorization
  • project root normalization
  • Maven root/module identification

Supported input

  • Java Maven ZIP archive
  • GitLab repository URL

Standard workflow

ZIP input

  1. Put archive into temp/
  2. Unpack into a dedicated work directory under temp/
  3. Normalize root directory
  4. Detect Maven modules by scanning pom.xml

GitLab input

  1. Confirm SSH authorization has been granted by the user
  2. Clone repository into a dedicated work directory under temp/
  3. Normalize root directory
  4. Detect Maven modules by scanning pom.xml

Output

Generate a JSON summary that includes at least:

  • input mode
  • normalized root path
  • project name
  • module list
  • module count
  • whether scan is limited

Bundled resources

  • scripts/prepare_java_maven_project.py

Instruction scope

This skill does not produce the final business report by itself. It prepares the project input for downstream skills.

Usage Guidance
This skill appears to do only what it says: unzip archives or run git clone, detect Maven modules, and emit a JSON summary. Before installing or invoking:

  1. Provide a dedicated working directory under a temporary sandbox (do not pass root or important filesystem paths). The script will delete the target work directory if it exists when cloning.
  2. Only supply repository URLs you trust; git clone fetches remote code and can contain unexpected files (the script does not execute project code, but downstream processing might).
  3. Ensure SSH keys or network access required for cloning are provisioned securely and that you confirm SSH authorization for private repos as the SKILL.md requests.
  4. If you need stronger safety, ask the skill author to enforce/validate that --work is inside a safe temp directory and to refuse dangerous paths.
Capability Analysis
Type: OpenClaw Skill
Name: java-maven-common
Version: 1.0.0

The skill contains security vulnerabilities in 'scripts/prepare_java_maven_project.py' that could be exploited if processing untrusted input. Specifically, it uses 'zipfile.extractall()', which is vulnerable to ZipSlip (directory traversal), and passes the repository URL directly to 'git clone' without sanitization, potentially allowing for argument injection. While these are high-risk vulnerabilities, they appear to be unintentional flaws rather than intentional malware.
Capability Assessment
Purpose & Capability
Name/description claim to handle ZIP or GitLab inputs, normalize roots, and detect Maven modules — the included Python script implements exactly those operations (unzip, git clone, scan for pom.xml) and no unrelated capabilities or external services are requested.
Instruction Scope
SKILL.md limits operations to a working directory under temp and asks the user to confirm SSH auth for GitLab clones. The script implements the stated workflow, but it does NOT enforce the 'under temp' constraint and will accept any path provided for --work and will remove that path if performing a clone. This is a scope/assurance gap (the instructions ask for a safe working dir but the script trusts the caller).
Install Mechanism
No install spec — instruction-only with a small bundled Python script. No downloads, package installs, or archive extraction from remote URLs are performed by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Git cloning requires network access and appropriate SSH keys on the agent, which is consistent with the stated GitLab clone capability.
Persistence & Privilege
Skill is not always-enabled and uses normal autonomous-invocation defaults. It does not modify other skills or system-wide configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install java-maven-common
  3. After installation, invoke the skill by name or use /java-maven-common
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
  • Initial release of java-maven-common: foundational input handling for Java Maven project reviews.
  • Supports ingesting projects via ZIP archive or GitLab repository URL.
  • Handles ZIP unpacking, GitLab SSH cloning, root normalization, and automatic Maven module detection.
  • Produces a standardized JSON summary with input mode, root path, project name, module list, and related information.
  • Includes the script prepare_java_maven_project.py for processing.
  • Designed to act as a shared input layer for other Java Maven review tools; does not generate business reports itself.
Metadata
Slug java-maven-common
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Java Maven Common?

Common input handling for Java Maven project review workflows. Use when a Java Maven project arrives as a ZIP archive or a GitLab repository URL and you need... It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.

How do I install Java Maven Common?

Run "/install java-maven-common" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Java Maven Common free?

Yes, Java Maven Common is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Java Maven Common support?

Java Maven Common is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Java Maven Common?

It is built and maintained by 刘岗强 (@mrliugangqiang); the current version is v1.0.0.
