ClawHub
Back to skill
v1.0.0

java-circular-dependency-breaker

BenignClawScan verdict for this skill. Analyzed Apr 30, 2026, 1:34 PM.

Analysis

This is an instruction-only Java refactoring guide; the main thing to notice is that it asks the agent or user to edit project files and run local build commands.

GuidanceThis skill appears appropriate for Java circular-dependency refactoring. Before using it, make sure you are working in version control, review every source and build-file diff, and run the recommended compile/test checks so dependency changes do not leave the project broken.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Update all callers ... Remove the dependency from source module's build file ... Delete `api project(':module-b')`

The skill directs concrete source and build-file changes. These are aligned with the refactoring purpose and include verification steps, but users should recognize that the agent may modify important project files.

User impactThe skill can help refactor code, but incorrect edits could temporarily break compilation or tests.
RecommendationUse it in a version-controlled workspace, review diffs, and follow the provided compile/test checkpoints before keeping changes.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
Requirements

- JDK 8+ (for `javap`)
- Gradle or Maven build tool
- Git (for rollback)

The skill relies on local developer tools even though the registry metadata lists no required binaries. This is not a hidden install mechanism, but it is a dependency/provenance detail users should notice.

User impactThe skill's usefulness depends on local build tooling and project configuration that are outside the skill package itself.
RecommendationConfirm the intended JDK and Gradle/Maven/Git tools are already trusted in the project environment before following the commands.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
Gradle: `./gradlew compileJava compileTestJava`
- Maven: `mvn compile test-compile`

The skill instructs running local build commands. That is expected for Java refactoring verification, but these commands execute the project's build tooling and build logic.

User impactRunning the suggested commands may execute project-defined Gradle or Maven build behavior in the local workspace.
RecommendationRun the commands only in a repository and environment you trust, and inspect build changes before proceeding.
Cascading Failures
SeverityLowConfidenceHighStatusNote
SKILL.md
Remove the dependency from source module's build file ... If compilation fails: Re-add the dependency ... Do **not** leave the codebase in a broken state.

The skill changes dependencies across modules, so one incorrect refactoring step can affect compilation across the project. The artifact also includes containment guidance through rollback and verification.

User impactA mistake could propagate across multiple modules and break builds until the dependency or code change is corrected.
RecommendationApply changes incrementally, keep commits small, and run the recommended module-level compile/test checks after each step.