← Back to Skills Marketplace
77
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install java-maven-secondary-analysis
Description
Analyze a Java Maven project delivered as a ZIP archive or a GitLab repository URL for secondary-development scope, class counts, module distribution, produc...
README (SKILL.md)
Java Maven Secondary Analysis
Use this skill when the user wants a 二开分析报告 for a Java Maven project.
Supported input
- Java Maven ZIP archive
- GitLab repository URL with user-authorized SSH access
Goal
Inspect Java Maven projects for:
- 二开涉及多少类
- 模块分布
- controller/service/mapper/config 等层次分布
- 产品化 / 客户化 / 品牌化痕迹
- 侵入式改造和升级污染风险
Required output
Write a formal markdown report to business/.
Suggested filename:
business/\x3Cproject-name>-二开分析报告-YYYY-MM-DD.md
Minimum scan scope
- root
pom.xml - module
pom.xml src/main/javasrc/main/resources- optional
src/test/java - scripts / SQL / CI / Docker / deploy files
Evidence rules
Each important finding should include file path, module, layer/category, keyword/snippet evidence, and risk explanation when possible.
Shared dependency
Use java-maven-common first when you need to normalize ZIP / GitLab input before analysis.
Bundled resources
scripts/scan_secondary_analysis.pytemplates/report.md
Usage Guidance
This skill appears to only run a local static scan and generate a markdown report; it does not exfiltrate data or request credentials itself. Before installing or invoking it, check the following: (1) the external preparer referenced ('java-maven-common') is trustworthy because preparing ZIPs or cloning GitLab URLs may require SSH keys or tokens; (2) confirm you are comfortable the agent/environment that runs the skill has appropriate access to the repository (avoid granting broad SSH keys to untrusted code); (3) note reports are written to disk (suggested 'business/' directory) — verify workspace permissions and storage location; (4) if you need end-to-end behavior (feed a raw GitLab URL), inspect or provide the preparer implementation to ensure no unexpected network/exfiltration occurs.
Capability Analysis
Type: OpenClaw Skill
Name: java-maven-secondary-analysis
Version: 1.0.0
The skill bundle is designed for analyzing Java Maven projects to identify secondary development (customization) traces. The core logic in `scripts/scan_secondary_analysis.py` performs local file system operations such as counting Java classes, identifying architectural layers, and searching for specific keywords (e.g., 'tenant', 'brand', 'custom') to generate a report. No evidence of data exfiltration, malicious execution, or prompt injection was found; the behavior is entirely consistent with the stated purpose.
Capability Assessment
Purpose & Capability
The SKILL.md claims support for ZIP archives and GitLab repository URLs, but the bundled script only consumes a prepared local workspace described by a prepare JSON. The SKILL.md does mention using an external helper ('java-maven-common') to normalize inputs, so the design is coherent but relies on that external preparer which is not included or declared as an explicit dependency in registry metadata.
Instruction Scope
Runtime instructions and the script are limited to local filesystem analysis of declared project files (pom.xml, src/, scripts, SQL, CI, etc.), extract simple keywords, count Java files, and produce a markdown report. There are no instructions to read unrelated system files, export data to external endpoints, or access secrets.
Install Mechanism
No install spec is provided (instruction-only plus a small included Python script). Nothing is downloaded or executed from remote URLs and the script is readable and small.
Credentials
The skill itself does not request environment variables or credentials. However, SKILL.md references accepting GitLab URLs with 'user-authorized SSH access' and the external 'java-maven-common' preparer — those steps (outside this skill) may require SSH keys or tokens. Users should verify the preparer before granting repository access.
Persistence & Privilege
The skill does not request permanent presence (always is false), does not modify other skills or global agent settings, and writes only local report files under the provided report path (suggested 'business/').
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install java-maven-secondary-analysis - After installation, invoke the skill by name or use
/java-maven-secondary-analysis - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Analyze Java Maven projects for secondary-development scope, code structure, and customization risks.
- Supports input as ZIP archives or GitLab repository URLs.
- Inspects class counts, module distribution, and code layer separation (controller/service/mapper/config).
- Detects product customization, invasive modifications, and upgrade pollution risks.
- Generates formal markdown reports with structured findings and supporting evidence.
- Utilizes the `java-maven-common` skill for input normalization before analysis.
Metadata
Frequently Asked Questions
What is Java Maven Secondary Analysis?
Analyze a Java Maven project delivered as a ZIP archive or a GitLab repository URL for secondary-development scope, class counts, module distribution, produc... It is an AI Agent Skill for Claude Code / OpenClaw, with 77 downloads so far.
How do I install Java Maven Secondary Analysis?
Run "/install java-maven-secondary-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Java Maven Secondary Analysis free?
Yes, Java Maven Secondary Analysis is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Java Maven Secondary Analysis support?
Java Maven Secondary Analysis is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Java Maven Secondary Analysis?
It is built and maintained by 刘岗强 (@mrliugangqiang); the current version is v1.0.0.
More Skills