Maven Pom Validator
Advisory
Audited by Static analysis on May 1, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may run a local Python command against a POM file; if pointed at the wrong file, it may read and attempt to parse that file as XML.
The skill exposes local command execution of its validator script. This is central to the stated purpose and the documented commands are scoped to checking a POM file, but users should understand the agent may run this local tool when asked.
python3 scripts/maven_pom_validator.py lint pom.xml
Run it only on intended Maven POM files and review results before using strict-mode failures in automated workflows.
Users have less external information for verifying the publisher or upstream source of the bundled script.
The skill has limited public provenance information. The included artifacts do not show remote installers or third-party dependencies, so this is a provenance note rather than a material concern.
Source: unknown; Homepage: none
Review the included script before use and prefer trusted publishers or source links when available.
Using the skill means running bundled local Python code, which has normal local-code trust implications.
The skill includes an executable Python script. Executing local code is expected for this validator, and the visible code uses Python standard-library parsing and lint checks rather than eval, shell execution, downloads, or dynamic execution.
#!/usr/bin/env python3
Run the script from the expected skill directory and avoid using modified or untrusted copies.
