ClawHub

Java Maven Secondary Analysis

v1.0.0

Analyze a Java Maven project delivered as a ZIP archive or a GitLab repository URL for secondary-development scope, class counts, module distribution, produc...

0· 69·0 current·0 all-time
by刘岗强@mrliugangqiang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mrliugangqiang/java-maven-secondary-analysis.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Java Maven Secondary Analysis" (mrliugangqiang/java-maven-secondary-analysis) from ClawHub.
Skill page: https://clawhub.ai/mrliugangqiang/java-maven-secondary-analysis
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install java-maven-secondary-analysis

ClawHub CLI

Package manager switcher

npx clawhub@latest install java-maven-secondary-analysis
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md claims support for ZIP archives and GitLab repository URLs, but the bundled script only consumes a prepared local workspace described by a prepare JSON. The SKILL.md does mention using an external helper ('java-maven-common') to normalize inputs, so the design is coherent but relies on that external preparer which is not included or declared as an explicit dependency in registry metadata.
Instruction Scope
Runtime instructions and the script are limited to local filesystem analysis of declared project files (pom.xml, src/, scripts, SQL, CI, etc.), extract simple keywords, count Java files, and produce a markdown report. There are no instructions to read unrelated system files, export data to external endpoints, or access secrets.
Install Mechanism
No install spec is provided (instruction-only plus a small included Python script). Nothing is downloaded or executed from remote URLs and the script is readable and small.
Credentials
The skill itself does not request environment variables or credentials. However, SKILL.md references accepting GitLab URLs with 'user-authorized SSH access' and the external 'java-maven-common' preparer — those steps (outside this skill) may require SSH keys or tokens. Users should verify the preparer before granting repository access.
Persistence & Privilege
The skill does not request permanent presence (always is false), does not modify other skills or global agent settings, and writes only local report files under the provided report path (suggested 'business/').
Assessment
This skill appears to only run a local static scan and generate a markdown report; it does not exfiltrate data or request credentials itself. Before installing or invoking it, check the following: (1) the external preparer referenced ('java-maven-common') is trustworthy because preparing ZIPs or cloning GitLab URLs may require SSH keys or tokens; (2) confirm you are comfortable the agent/environment that runs the skill has appropriate access to the repository (avoid granting broad SSH keys to untrusted code); (3) note reports are written to disk (suggested 'business/' directory) — verify workspace permissions and storage location; (4) if you need end-to-end behavior (feed a raw GitLab URL), inspect or provide the preparer implementation to ensure no unexpected network/exfiltration occurs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dxm7q39a2vthe58tsk40kex84vvte
69downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
刘岗强@mrliugangqiang
latest
Download

Java Maven Secondary Analysis

Use this skill when the user wants a 二开分析报告 for a Java Maven project.

Supported input

  • Java Maven ZIP archive
  • GitLab repository URL with user-authorized SSH access

Goal

Inspect Java Maven projects for:

  • 二开涉及多少类
  • 模块分布
  • controller/service/mapper/config 等层次分布
  • 产品化 / 客户化 / 品牌化痕迹
  • 侵入式改造和升级污染风险

Required output

Write a formal markdown report to business/. Suggested filename: business/<project-name>-二开分析报告-YYYY-MM-DD.md

Minimum scan scope

  • root pom.xml
  • module pom.xml
  • src/main/java
  • src/main/resources
  • optional src/test/java
  • scripts / SQL / CI / Docker / deploy files

Evidence rules

Each important finding should include file path, module, layer/category, keyword/snippet evidence, and risk explanation when possible.

Shared dependency

Use java-maven-common first when you need to normalize ZIP / GitLab input before analysis.

Bundled resources

  • scripts/scan_secondary_analysis.py
  • templates/report.md

Comments

Loading comments...