mrliugangqiang

Java Maven Common

Author: 刘岗强 · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 85
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install java-maven-common
Description
Common input handling for Java Maven project review workflows. Use when a Java Maven project arrives as a ZIP archive or a GitLab repository URL and you need...
Usage instructions (SKILL.md)

Java Maven Common

Use this skill as the shared input layer for Java Maven review work.

Purpose

This skill handles the common project-ingest steps used by other Java Maven skills:

  • ZIP unpack
  • GitLab clone after SSH authorization
  • project root normalization
  • Maven root/module identification

Supported input

  • Java Maven ZIP archive
  • GitLab repository URL

Standard workflow

ZIP input

  1. Put archive into temp/
  2. Unpack into a dedicated work directory under temp/
  3. Normalize root directory
  4. Detect Maven modules by scanning pom.xml

GitLab input

  1. Confirm SSH authorization has been granted by the user
  2. Clone repository into a dedicated work directory under temp/
  3. Normalize root directory
  4. Detect Maven modules by scanning pom.xml

Output

Generate a JSON summary that includes at least:

  • input mode
  • normalized root path
  • project name
  • module list
  • module count
  • whether scan is limited

Bundled resources

  • scripts/prepare_java_maven_project.py

Instruction scope

This skill does not produce the final business report by itself. It prepares the project input for downstream skills.

Security usage recommendations
This skill appears to do only what it says: unzip archives or run git clone, detect Maven modules, and emit a JSON summary. Before installing or invoking:

  1. Provide a dedicated working directory under a temporary sandbox (do not pass root or important filesystem paths). The script will delete the target work directory if it exists when cloning.
  2. Only supply repository URLs you trust; git clone fetches remote code, which can contain unexpected files (the script does not execute project code, but downstream processing might).
  3. Ensure SSH keys or network access required for cloning are provisioned securely and that you confirm SSH authorization for private repos as the SKILL.md requests.
  4. If you need stronger safety, ask the skill author to enforce/validate that --work is inside a safe temp directory and to refuse dangerous paths.

Functional analysis
Type: OpenClaw Skill
Name: java-maven-common
Version: 1.0.0

The skill contains security vulnerabilities in 'scripts/prepare_java_maven_project.py' that could be exploited if processing untrusted input. Specifically, it uses 'zipfile.extractall()', which is vulnerable to ZipSlip (directory traversal), and passes the repository URL directly to 'git clone' without sanitization, potentially allowing for argument injection. While these are high-risk vulnerabilities, they appear to be unintentional flaws rather than intentional malware.

Capability assessment
Purpose & Capability
Name/description claim to handle ZIP or GitLab inputs, normalize roots, and detect Maven modules — the included Python script implements exactly those operations (unzip, git clone, scan for pom.xml) and no unrelated capabilities or external services are requested.
Instruction Scope
SKILL.md limits operations to a working directory under temp and asks the user to confirm SSH auth for GitLab clones. The script implements the stated workflow, but it does NOT enforce the 'under temp' constraint and will accept any path provided for --work and will remove that path if performing a clone. This is a scope/assurance gap (the instructions ask for a safe working dir but the script trusts the caller).
Install Mechanism
No install spec — instruction-only with a small bundled Python script. No downloads, package installs, or archive extraction from remote URLs are performed by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Git cloning requires network access and appropriate SSH keys on the agent, which is consistent with the stated GitLab clone capability.
Persistence & Privilege
Skill is not always-enabled and uses normal autonomous-invocation defaults. It does not modify other skills or system-wide configuration.
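How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install java-maven-common
  3. After installation, call the Skill by name or trigger it with /java-maven-common
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history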
v1.0.0

  • Initial release of java-maven-common: foundational input handling for Java Maven project reviews.
  • Supports ingesting projects via ZIP archive or GitLab repository URL.
  • Handles ZIP unpacking, GitLab SSH cloning, root normalization, and automatic Maven module detection.
  • Produces a standardized JSON summary with input mode, root path, project name, module list, and related information.
  • Includes the script prepare_java_maven_project.py for processing.
  • Designed to act as a shared input layer for other Java Maven review tools; does not generate business reports itself.

Metadata
Slug java-maven-common
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is Java Maven Common?

Common input handling for Java Maven project review workflows. Use when a Java Maven project arrives as a ZIP archive or a GitLab repository URL and you need... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 85 total downloads to date.

How do I install Java Maven Common?

Run the command "/install java-maven-common" in the OpenClaw or Claude Code chat box for a one-step install; no extra configuration is required.

Is Java Maven Common free?

Yes. Java Maven Common is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Java Maven Common support?

Java Maven Common is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Java Maven Common?

It is developed and maintained by 刘岗强 (@mrliugangqiang); the current version is v1.0.0.
