← 返回 Skills 市场

Java Maven Code Review

Name: Java Maven Code Review
Author: mrliugangqiang

作者刘岗强 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install java-maven-code-review

功能描述

Review a Java Maven project delivered as a ZIP archive or a GitLab repository URL for code规范, naming, module boundaries, maintainability problems, duplicated...

使用说明 (SKILL.md)

Java Maven Code Review

Use this skill when the user wants a 代码规范检查报告 for a Java Maven project.

Supported input

Java Maven ZIP archive
GitLab repository URL with user-authorized SSH access

Goal

Inspect Java Maven projects for:

命名规范问题
模块边界不清
结构不合理
重复逻辑
可维护性问题
配置与资源文件中的规范风险

Required output

Write a formal markdown report to business/. Suggested filename: business/\x3Cproject-name>-代码规范检查报告-YYYY-MM-DD.md

Minimum scan scope

root pom.xml
module pom.xml
src/main/java
src/main/resources
optional src/test/java
scripts / SQL / CI / Docker / deploy files

Evidence rules

Each important finding should include file path, module, code/config evidence, impact, and modification advice when possible.

Shared dependency

Use java-maven-common first when you need to normalize ZIP / GitLab input before review.

Bundled resources

scripts/scan_code_review.py
templates/report.md

安全使用建议

This skill appears to be a small, local scanner that looks for keyword-based issues and produces a markdown report — it does not contact external endpoints or require secrets by itself. Before installing, confirm: (1) the platform has the named shared dependency (java-maven-common) or else ZIP/GitLab inputs won't be handled; (2) the agent or helper that checks out GitLab repos is the component that will need SSH keys/tokens — do not point the scanner at a root path that exposes unrelated files (e.g., your home directory); (3) understand that the bundled script is rule/keyword-based and should be used as a first-pass tool, not a substitute for a manual security/design review.

功能分析

Type: OpenClaw Skill Name: java-maven-code-review Version: 1.0.0 The skill bundle is a standard static analysis tool for Java Maven projects. The Python script (scripts/scan_code_review.py) performs local file scanning for hardcoded credentials, temporary code markers (TODO, FIXME), and configuration issues, then generates a Markdown report. There is no evidence of data exfiltration, malicious execution, or harmful prompt injection; all operations are consistent with the stated purpose of code review.

能力评估

✓ Purpose & Capability

Name and description match the included behavior: the Python script scans a project tree for simple keywords and emits a markdown report. The SKILL.md's expectation to accept ZIP or GitLab inputs is reasonable, but the skill itself defers normalization/checkout to a shared dependency ('java-maven-common'), which must be present for those input modes to work.

ℹ Instruction Scope

SKILL.md limits scanning to pom.xml, src/, resources, and CI scripts which matches the script's filesystem scan. However, the SKILL.md mentions GitLab SSH access and ZIP normalization but the bundled script does not perform repository checkout or network access — that responsibility is delegated to the named shared dependency. Ensure that the normalization step does not expand scope (e.g., by pointing root at unrelated filesystem locations).

✓ Install Mechanism

No install spec; this is instruction-only with one bundled Python script. Nothing is downloaded or executed from external URLs during install.

ℹ Credentials

The skill declares no required environment variables or credentials, which matches the script. One caveat: supporting a 'GitLab repository URL with user-authorized SSH access' implies that some other component (the agent or the shared helper) will need SSH keys or GitLab tokens — those are not requested or documented here. Confirm how repository checkouts are performed and which component requires credentials.

✓ Persistence & Privilege

always:false and no special privileges requested. The skill writes reports to paths provided at runtime (e.g., business/...), which is expected behavior for report generation; it does not modify other skills or system-wide configuration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install java-maven-code-review
安装完成后，直接呼叫该 Skill 的名称或使用 /java-maven-code-review 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of the java-maven-code-review skill. - Reviews Java Maven projects (ZIP archive or GitLab URL) for code规范, naming, maintainability, duplications, and structure issues. - Generates a formal markdown code规范检查报告 stored in the `business/` directory. - Scans project structure including pom.xml, Java sources, resources, test code, and configuration scripts. - Each report finding includes code evidence, impact, and整改建议. - Integrates with `java-maven-common` for ZIP/GitLab input normalization. - Provides bundled resources for scanning and reporting.

元数据

Slug java-maven-code-review

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题