Maven Pom Validator
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward local Maven pom.xml linter; the main things to notice are that it runs a bundled Python script and has limited public source provenance.
This skill is reasonable to use if you are comfortable running the bundled Python validator locally. Review the script if provenance matters to you, run it only on intended pom.xml files, and note that no credentials or external service access are required by the provided artifacts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may run a local Python command against a POM file; if pointed at the wrong file, it may read and attempt to parse that file as XML.
The skill exposes local command execution of its validator script. This is central to the stated purpose and the documented commands are scoped to checking a POM file, but users should understand the agent may run this local tool when asked.
python3 scripts/maven_pom_validator.py lint pom.xml
Run it only on intended Maven POM files and review results before using strict-mode failures in automated workflows.
Users have less external information for verifying the publisher or upstream source of the bundled script.
The skill has limited public provenance information. The included artifacts do not show remote installers or third-party dependencies, so this is a provenance note rather than a material concern.
Source: unknown; Homepage: none
Review the included script before use and prefer trusted publishers or source links when available.
Using the skill means running bundled local Python code, which has normal local-code trust implications.
The skill includes an executable Python script. Executing local code is expected for this validator and the visible code uses Python standard-library parsing and lint checks rather than eval, shell execution, downloads, or dynamic execution.
#!/usr/bin/env python3
Run the script from the expected skill directory and avoid using modified or untrusted copies.