Maven Full Runner
PassAudited by ClawScan on May 10, 2026.
Overview
This is a transparent Maven command runner; its broad command-execution ability is expected for the purpose, but users should only run trusted Maven commands and projects.
This skill appears coherent and purpose-aligned. Before installing, understand that it gives the agent a convenient way to run Maven commands in local directories, so only use it with trusted projects and review commands that could publish, deploy, delete build outputs, or execute unfamiliar Maven plugins.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs an unsafe Maven command or runs in the wrong directory, it could alter project files, build outputs, or local Maven state.
The skill intentionally exposes full Maven passthrough. This is coherent with the stated purpose, but Maven goals and plugins can perform local build actions or other side effects.
All non-wrapper args are passed directly to Maven
Use it only on trusted projects and review high-impact Maven goals such as install, deploy, release, or arbitrary plugin invocations before running them.
Install-time checks may not warn if Node.js or Maven is missing, causing the skill to fail at runtime.
The registry metadata does not declare required binaries, while SKILL.md says the skill requires node and mvn in PATH. This is a minor dependency declaration gap rather than hidden behavior.
Required binaries (all must exist): none
Confirm that node and mvn are installed and available in PATH before using the skill.