ClawHub

Maven Pom Validator

Validate and lint Maven pom.xml files for structure, dependencies, plugins, and best practices. Use when asked to lint, validate, check, or audit pom.xml files, verify Maven configuration, or ensure POM quality. Triggers on "lint pom", "validate pom.xml", "check maven", "maven best practices".

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install maven-pom-validator

Maven POM Validator

Validate and lint Maven pom.xml files for structural correctness, dependency hygiene, plugin configuration, and best practices.

Commands

lint — Full lint pass (all 20+ rules)

python3 scripts/maven_pom_validator.py lint pom.xml
python3 scripts/maven_pom_validator.py lint pom.xml --strict
python3 scripts/maven_pom_validator.py lint pom.xml --format json
python3 scripts/maven_pom_validator.py lint pom.xml --format markdown

dependencies — Audit dependency declarations

python3 scripts/maven_pom_validator.py dependencies pom.xml
python3 scripts/maven_pom_validator.py dependencies pom.xml --format json

plugins — Audit plugin declarations

python3 scripts/maven_pom_validator.py plugins pom.xml
python3 scripts/maven_pom_validator.py plugins pom.xml --format markdown

validate — Quick structural validation only

python3 scripts/maven_pom_validator.py validate pom.xml
python3 scripts/maven_pom_validator.py validate pom.xml --strict

Flags

FlagDescription
--strictExit code 1 on warnings (CI mode)
--format textHuman-readable output (default)
--format jsonMachine-readable JSON
--format markdownMarkdown report

Lint Rules

Structure (5 rules)

  1. Valid XML — file must be well-formed XML
  2. Required elements — groupId, artifactId, version, modelVersion must be present
  3. modelVersion must be "4.0.0"
  4. groupId format — must follow reverse-domain convention (e.g. com.example)
  5. packaging value must be valid (jar, war, pom, ear, rar, maven-plugin)

Dependencies (6 rules)

  1. No duplicate dependencies (same groupId:artifactId)
  2. No SNAPSHOT versions in release POMs
  3. Version must be defined (not missing)
  4. No wildcard/range versions (LATEST, RELEASE, [1.0,))
  5. Scope must be valid (compile, test, provided, runtime, system, import)
  6. system-scoped deps must have <systemPath>

Plugins (5 rules)

  1. Plugin versions must be pinned
  2. No duplicate plugins (same groupId:artifactId)
  3. Plugin groupId should be specified
  4. Known deprecated plugins flagged
  5. Configuration elements checked for common issues

Best Practices (6 rules)

  1. Properties used for version management (DRY check)
  2. dependencyManagement used in parent POMs
  3. UTF-8 encoding specified (project.build.sourceEncoding)
  4. Java source/target version set (maven.compiler.source/target or release)
  5. No hardcoded absolute paths in configuration
  6. SCM section present

Exit Codes

CodeMeaning
0No errors (warnings OK unless --strict)
1Errors found (or warnings with --strict)
2Script usage error