p3c-code-quality

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: p3c-code-quality
Version: 1.0.0

The p3c-code-quality skill is a legitimate tool designed to perform code quality audits based on the Alibaba P3C Java coding standards. It uses standard IDE built-in tools like Glob, Read, Grep, and Write to analyze local Java source code for naming conventions, security vulnerabilities (e.g., SQL injection), and concurrency issues, ultimately generating a Markdown report in a local directory. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found in SKILL.md or _meta.json.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may inspect project source code and add a report file to the workspace.

Why it was flagged

The skill instructs the agent to read local Java source files and write a report. This is expected for code-quality checking, but users should be aware that local code contents are accessed and a file is created.

Skill content

Use `Glob` to find all `.java` files...use `Read` to read the file contents...use the `Write` tool to generate a Markdown-format report

Recommendation

Invoke it only on the intended project path and review the generated report path before accepting changes.

What this means

Actual behavior may depend on the installed versions of the referenced P3C subskills.

Why it was flagged

The skill discloses that it depends on several referenced subskills. This is coherent for an aggregate checker, but those subskills are not part of the provided artifact set.

Skill content

This skill is an aggregate skill and calls the following subskills...p3c-coding-style...p3c-exception-logging...p3c-security-rules...p3c-unit-testing

Recommendation

Before relying on the aggregate skill, verify that the referenced subskills are installed from trusted sources and match the expected P3C review purpose.