ClawHub
Back to skill
v1.0.0

java-architect

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 2:52 PM.

Analysis

This is mostly a normal Java architecture assistant, but it includes a hard-coded completion message that could make unverified claims about uptime, coverage, security, and performance.

GuidanceThis skill appears suitable for Java/Spring architecture assistance, but verify any generated claims about security scans, test coverage, uptime, or performance with real project evidence. Review code and configuration changes before applying them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
When invoked:
1. Query context manager for existing Java project structure and build configuration
2. Review Maven/Gradle setup...
4. Implement solutions following enterprise Java best practices

The skill asks the agent to inspect project context and implement changes. This is aligned with a Java architecture skill, but it can affect source code, build configuration, tests, and application behavior if the host agent has file-editing tools.

User impactThe agent may propose or make meaningful changes to a Java application or its build and deployment configuration.
RecommendationUse it only in the intended project, review diffs, and run tests or CI before accepting generated changes.
Human-Agent Trust Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Delivery notification:
"Java implementation completed. Delivered Spring Boot 3.2 microservices with full observability, achieving 99.9% uptime SLA. Includes reactive WebFlux APIs, R2DBC data access, comprehensive test suite (89% coverage), and GraalVM native image support reducing startup time by 90%."

This prescribed completion text contains specific operational, coverage, and performance claims that may not be true for the user's project unless independently measured.

User impactA user could be misled into believing tests, security checks, uptime goals, or performance improvements were achieved when the agent has not actually verified them.
RecommendationTreat these metrics as placeholders only; require the agent to cite actual test results, benchmark output, coverage reports, and deployment evidence before making such claims.