Java Maven Code Review
v1.0.0
Review a Java Maven project delivered as a ZIP archive or a GitLab repository URL for code conventions, naming, module boundaries, maintainability problems, duplicated...
by 刘岗强 (@mrliugangqiang)
License: MIT-0
Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign · high confidence
Purpose & Capability
Name and description match the included behavior: the Python script scans a project tree for simple keywords and emits a markdown report. The SKILL.md's expectation to accept ZIP or GitLab inputs is reasonable, but the skill itself defers normalization/checkout to a shared dependency ('java-maven-common'), which must be present for those input modes to work.
Instruction Scope
SKILL.md limits scanning to pom.xml, src/, resources, and CI scripts which matches the script's filesystem scan. However, the SKILL.md mentions GitLab SSH access and ZIP normalization but the bundled script does not perform repository checkout or network access — that responsibility is delegated to the named shared dependency. Ensure that the normalization step does not expand scope (e.g., by pointing root at unrelated filesystem locations).
Install Mechanism
No install spec; this is instruction-only with one bundled Python script. Nothing is downloaded or executed from external URLs during install.
Credentials
The skill declares no required environment variables or credentials, which matches the script. One caveat: supporting a 'GitLab repository URL with user-authorized SSH access' implies that some other component (the agent or the shared helper) will need SSH keys or GitLab tokens — those are not requested or documented here. Confirm how repository checkouts are performed and which component requires credentials.
Persistence & Privilege
always:false and no special privileges requested. The skill writes reports to paths provided at runtime (e.g., business/...), which is expected behavior for report generation; it does not modify other skills or system-wide configuration.
Assessment
This skill appears to be a small, local scanner that looks for keyword-based issues and produces a markdown report — it does not contact external endpoints or require secrets by itself. Before installing, confirm: (1) the platform has the named shared dependency (java-maven-common) or else ZIP/GitLab inputs won't be handled; (2) the agent or helper that checks out GitLab repos is the component that will need SSH keys/tokens — do not point the scanner at a root path that exposes unrelated files (e.g., your home directory); (3) understand that the bundled script is rule/keyword-based and should be used as a first-pass tool, not a substitute for a manual security/design review.
