Stats
Actions
Tags
From agent-skills
Provides JVM dependency intelligence via Maven Tools MCP: version lookup, upgrade safety, CVEs, license risks, and release history for Maven/Gradle projects.
How this skill is triggered — by the user, by Claude, or both
Slash command
/agent-skills:maven-toolsThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Use this skill to ground JVM dependency decisions in live Maven Central data.
Use this skill to ground JVM dependency decisions in live Maven Central data.
This is an execution skill. Use Maven Tools MCP first for dependency facts, then do the reasoning in-model. Assume Maven Tools MCP is already configured; only discuss setup if the tools are unavailable.
Activate when the user asks about:
pom.xml, build.gradle, or build.gradle.ktsUse Maven Tools MCP for version, security, license, freshness, and release-pattern facts from Maven Central.
groupId:artifactId or groupId:artifactId:version as needed.Choose the narrowest tool that matches the request:
| Intent | Tool | Default Parameters |
|---|---|---|
| latest version lookup | get_latest_version | stabilityFilter: PREFER_STABLE |
| check exact version | check_version_exists | none |
| bulk candidate check (no current versions) | check_multiple_dependencies | stabilityFilter: PREFER_STABLE |
| upgrade analysis (single coordinate, with current version) | compare_dependency_versions | includeSecurityScan: true, stabilityFilter: STABLE_ONLY |
whole-POM upgrade plan (raw pom.xml) | recommend_pom_upgrades | mode: MINOR_PATCH |
resolve effective POM versions (raw pom.xml) | analyze_pom_dependencies | none |
| age/freshness | analyze_dependency_age | use project-appropriate threshold |
| maintenance signal / release history | analyze_release_patterns | monthsToAnalyze: 24 |
| full project audit | analyze_project_health | includeSecurityScan: true, includeLicenseScan: true, stabilityFilter: PREFER_STABLE |
Default to analyze_project_health when the user says "check my dependencies" or pastes a project dependency set.
When the user provides raw pom.xml content, prefer the POM-aware tools: analyze_pom_dependencies resolves and classifies effective versions (EXPLICIT / MANAGED / EXPLICIT_OVERRIDE) and surfaces multi-BOM conflicts; recommend_pom_upgrades returns an actionable upgrade plan. Both walk the parent chain, apply <dependencyManagement>, and resolve <scope>import</scope> BOMs; pass sideloadedPoms for monorepo siblings or unreleased parents.
Use check_multiple_dependencies for candidate sets without current versions. Use compare_dependency_versions for single-coordinate upgrade decisions. Use analyze_project_health for broad audits, not every single dependency question.
When the user hands you a raw pom.xml and wants to know what to upgrade ("what can I safely bump?", scheduled maintenance, dependency-bot replacement), lead with recommend_pom_upgrades:
mode: MINOR_PATCH (default) keeps major upgrades out of the safe pathdeterministic_actions[] directly — these are mechanical <version> edits (explicit_bump for declared deps, bom_bump for user-controllable BOMs)needs_attention[] (majors, multi-BOM conflicts, explicit overrides) to human or LLM review; each entry carries the Maven Central latest for contextOne call returns everything mechanical plus the review queue — no per-coordinate fan-out for whole-POM flows. Reach for analyze_pom_dependencies first when the user wants the raw resolution ("what does my POM actually resolve to?") without recommendations.
For a specific dependency ("should I upgrade X from 2.7 to 3.2?"), prefer compare_dependency_versions with:
includeSecurityScan: truestabilityFilter: STABLE_ONLYThen interpret the result conservatively:
When compare_dependency_versions returns same_major_stable_fallback:
If the user asks whether a dependency is safe:
compare_dependency_versions when remediation guidance mattersanalyze_release_patterns when maintenance risk mattersWhen the answer needs migration guides, API details, or library usage patterns, add documentation context before giving a strong recommendation.
Use this order:
WebSearch and WebFetch for official docs, release notes, and migration guidesUse this especially for:
Assume the user already has Maven Tools MCP configured.
arvindand/maven-tools-mcp:latest is the default when raw Context7 tools should be exposed through the same serverarvindand/maven-tools-mcp:latest-noc7 is the clean option when documentation is handled separatelyOnly discuss installation when the tools are unavailable.
| Issue | Action |
|---|---|
| MCP tools unavailable | Tell the user Maven Tools MCP is not configured and point them to https://github.com/arvindand/maven-tools-mcp. Mention :latest when they want raw Context7 in the same server, or :latest-noc7 when docs are handled separately. |
| Dependency not found | Verify groupId:artifactId format and check whether the artifact is on Maven Central. |
| Raw Context7 tools unavailable | Use standalone Context7 tools if available; otherwise fall back to WebSearch and WebFetch. |
| No documentation path is available | Say dependency facts are available but deeper migration or API docs are not available in the current environment. |
| Security scan is incomplete or slow | Use the partial result, say CVE data may be incomplete, and continue with version/maintenance guidance. |
| Version type is unclear | Treat it as unstable and prefer a known stable release. |
License: MIT Requires: Maven Tools MCP server Pairs with: context7 skill or standalone Context7 tools for documentation-heavy follow-up
npx claudepluginhub arvindand/agent-skills --plugin agent-skillsScans Maven/Gradle build files for outdated dependencies, reports available stable updates in a table, and optionally updates versions after build verification.
Manages Maven dependencies in Java projects: declares with scopes, resolves version conflicts and transitives, configures BOMs, and optimizes dependency trees.
Provides Maven-specific conventions for running tests, building, managing dependencies, and project structure when pom.xml is present.