ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Java Maven Common

v1.0.0

Common input handling for Java Maven project review workflows. Use when a Java Maven project arrives as a ZIP archive or a GitLab repository URL and you need...

0· 78·0 current·0 all-time
by刘岗强@mrliugangqiang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mrliugangqiang/java-maven-common.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Java Maven Common" (mrliugangqiang/java-maven-common) from ClawHub.
Skill page: https://clawhub.ai/mrliugangqiang/java-maven-common
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install java-maven-common

ClawHub CLI

Package manager switcher

npx clawhub@latest install java-maven-common
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim to handle ZIP or GitLab inputs, normalize roots, and detect Maven modules — the included Python script implements exactly those operations (unzip, git clone, scan for pom.xml) and no unrelated capabilities or external services are requested.
Instruction Scope
SKILL.md limits operations to a working directory under temp and asks the user to confirm SSH auth for GitLab clones. The script implements the stated workflow, but it does NOT enforce the 'under temp' constraint and will accept any path provided for --work and will remove that path if performing a clone. This is a scope/assurance gap (the instructions ask for a safe working dir but the script trusts the caller).
Install Mechanism
No install spec — instruction-only with a small bundled Python script. No downloads, package installs, or archive extraction from remote URLs are performed by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Git cloning requires network access and appropriate SSH keys on the agent, which is consistent with the stated GitLab clone capability.
Persistence & Privilege
Skill is not always-enabled and uses normal autonomous-invocation defaults. It does not modify other skills or system-wide configuration.
Assessment
This skill appears to do only what it says: unzip archives or run git clone, detect Maven modules, and emit a JSON summary. Before installing or invoking: 1) Provide a dedicated working directory under a temporary sandbox (do not pass root or important filesystem paths). The script will delete the target work directory if it exists when cloning. 2) Only supply repository URLs you trust; git clone fetches remote code and can contain unexpected files (the script does not execute project code, but downstream processing might). 3) Ensure SSH keys or network access required for cloning are provisioned securely and that you confirm SSH authorization for private repos as the SKILL.md requests. 4) If you need stronger safety, ask the skill author to enforce/validate that --work is inside a safe temp directory and to refuse dangerous paths.

Like a lobster shell, security has layers — review code before you run it.

latestvk9763ezfmj67hctfr6w86vby9984ttzg
78downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
刘岗强@mrliugangqiang
latest
Download

Java Maven Common

Use this skill as the shared input layer for Java Maven review work.

Purpose

This skill handles the common project-ingest steps used by other Java Maven skills:

  • ZIP unpack
  • GitLab clone after SSH authorization
  • project root normalization
  • Maven root/module identification

Supported input

  • Java Maven ZIP archive
  • GitLab repository URL

Standard workflow

ZIP input

  1. Put archive into temp/
  2. Unpack into a dedicated work directory under temp/
  3. Normalize root directory
  4. Detect Maven modules by scanning pom.xml

GitLab input

  1. Confirm SSH authorization has been granted by the user
  2. Clone repository into a dedicated work directory under temp/
  3. Normalize root directory
  4. Detect Maven modules by scanning pom.xml

Output

Generate a JSON summary that includes at least:

  • input mode
  • normalized root path
  • project name
  • module list
  • module count
  • whether scan is limited

Bundled resources

  • scripts/prepare_java_maven_project.py

Instruction scope

This skill does not produce the final business report by itself. It prepares the project input for downstream skills.

Comments

Loading comments...