← 返回 Skills 市场
77
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install java-maven-secondary-analysis
功能描述
Analyze a Java Maven project delivered as a ZIP archive or a GitLab repository URL for secondary-development scope, class counts, module distribution, produc...
使用说明 (SKILL.md)
Java Maven Secondary Analysis
Use this skill when the user wants a 二开分析报告 for a Java Maven project.
Supported input
- Java Maven ZIP archive
- GitLab repository URL with user-authorized SSH access
Goal
Inspect Java Maven projects for:
- 二开涉及多少类
- 模块分布
- controller/service/mapper/config 等层次分布
- 产品化 / 客户化 / 品牌化痕迹
- 侵入式改造和升级污染风险
Required output
Write a formal markdown report to business/.
Suggested filename:
business/\x3Cproject-name>-二开分析报告-YYYY-MM-DD.md
Minimum scan scope
- root
pom.xml - module
pom.xml src/main/javasrc/main/resources- optional
src/test/java - scripts / SQL / CI / Docker / deploy files
Evidence rules
Each important finding should include file path, module, layer/category, keyword/snippet evidence, and risk explanation when possible.
Shared dependency
Use java-maven-common first when you need to normalize ZIP / GitLab input before analysis.
Bundled resources
scripts/scan_secondary_analysis.pytemplates/report.md
安全使用建议
This skill appears to only run a local static scan and generate a markdown report; it does not exfiltrate data or request credentials itself. Before installing or invoking it, check the following: (1) the external preparer referenced ('java-maven-common') is trustworthy because preparing ZIPs or cloning GitLab URLs may require SSH keys or tokens; (2) confirm you are comfortable the agent/environment that runs the skill has appropriate access to the repository (avoid granting broad SSH keys to untrusted code); (3) note reports are written to disk (suggested 'business/' directory) — verify workspace permissions and storage location; (4) if you need end-to-end behavior (feed a raw GitLab URL), inspect or provide the preparer implementation to ensure no unexpected network/exfiltration occurs.
功能分析
Type: OpenClaw Skill
Name: java-maven-secondary-analysis
Version: 1.0.0
The skill bundle is designed for analyzing Java Maven projects to identify secondary development (customization) traces. The core logic in `scripts/scan_secondary_analysis.py` performs local file system operations such as counting Java classes, identifying architectural layers, and searching for specific keywords (e.g., 'tenant', 'brand', 'custom') to generate a report. No evidence of data exfiltration, malicious execution, or prompt injection was found; the behavior is entirely consistent with the stated purpose.
能力评估
Purpose & Capability
The SKILL.md claims support for ZIP archives and GitLab repository URLs, but the bundled script only consumes a prepared local workspace described by a prepare JSON. The SKILL.md does mention using an external helper ('java-maven-common') to normalize inputs, so the design is coherent but relies on that external preparer which is not included or declared as an explicit dependency in registry metadata.
Instruction Scope
Runtime instructions and the script are limited to local filesystem analysis of declared project files (pom.xml, src/, scripts, SQL, CI, etc.), extract simple keywords, count Java files, and produce a markdown report. There are no instructions to read unrelated system files, export data to external endpoints, or access secrets.
Install Mechanism
No install spec is provided (instruction-only plus a small included Python script). Nothing is downloaded or executed from remote URLs and the script is readable and small.
Credentials
The skill itself does not request environment variables or credentials. However, SKILL.md references accepting GitLab URLs with 'user-authorized SSH access' and the external 'java-maven-common' preparer — those steps (outside this skill) may require SSH keys or tokens. Users should verify the preparer before granting repository access.
Persistence & Privilege
The skill does not request permanent presence (always is false), does not modify other skills or global agent settings, and writes only local report files under the provided report path (suggested 'business/').
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install java-maven-secondary-analysis - 安装完成后,直接呼叫该 Skill 的名称或使用
/java-maven-secondary-analysis触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Analyze Java Maven projects for secondary-development scope, code structure, and customization risks.
- Supports input as ZIP archives or GitLab repository URLs.
- Inspects class counts, module distribution, and code layer separation (controller/service/mapper/config).
- Detects product customization, invasive modifications, and upgrade pollution risks.
- Generates formal markdown reports with structured findings and supporting evidence.
- Utilizes the `java-maven-common` skill for input normalization before analysis.
元数据
常见问题
Java Maven Secondary Analysis 是什么?
Analyze a Java Maven project delivered as a ZIP archive or a GitLab repository URL for secondary-development scope, class counts, module distribution, produc... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 77 次。
如何安装 Java Maven Secondary Analysis?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install java-maven-secondary-analysis」即可一键安装,无需额外配置。
Java Maven Secondary Analysis 是免费的吗?
是的,Java Maven Secondary Analysis 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Java Maven Secondary Analysis 支持哪些平台?
Java Maven Secondary Analysis 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Java Maven Secondary Analysis?
由 刘岗强(@mrliugangqiang)开发并维护,当前版本 v1.0.0。
推荐 Skills