Code Flow Graph
v1.0.0This skill generates interactive HTML node-graph diagrams to visualize codebase structure, class relationships, and function call chains. It should be used w...
⭐ 0· 87·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the contents: the repo contains a standalone HTML renderer and a data-format reference; the SKILL.md clearly describes reading the project's source to produce a data JS file and combining it with the included HTML template. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Instructions require reading the project's top-level files and directory layout and—by default—analyzing the entire project (unless the user names a sub-scope). That is coherent for code-visualization, but the SKILL.md's directive to "Begin analysis immediately... Do NOT ask any scoping or language questions" is aggressive and may cause the agent to process the whole repo (which might include sensitive files). The files and instructions do not instruct reading unrelated system config or environment variables.
Install Mechanism
No install spec is provided (instruction-only skill) and example/template files are bundled in the skill. There are no external downloads, package installs, or archive extracts in the metadata — lowest-risk delivery model.
Credentials
Skill declares no required environment variables, credentials, or config paths. The runtime instructions only reference project files and creating an output folder under the project (docs/code_graph). This file-system access is proportionate to the stated purpose.
Persistence & Privilege
The skill will create files under the project's docs/ directory and the README suggests copying the repository into the agent's skills directory for agent usage. always:false (normal). Writing output into the project and copying templates to the agent's skills folder are expected for this use case, but you should be aware the skill writes files and may modify the agent's skills area if you follow the README's installation steps.
Assessment
This skill appears to do what it says: it analyzes your codebase and emits a self-contained HTML viewer plus a generated data JS file. Before you install/run it: 1) be aware the default behavior is to analyze the entire repository immediately unless you explicitly name a subdirectory — if your repo contains secrets or sensitive files, run the skill on a copy or limit the scope; 2) review any generated code_flow_graph_data.js output before committing it (it may include identifiers/function names from your codebase); 3) the skill writes files into <project>/docs/code_graph/ and the README suggests copying the skill into your agent's skills folder — only do that if you trust the code and want persistent availability; 4) if you want tighter control, ask the agent to restrict analysis to a specific module/directory or request a dry-run (overview of what will be read) before proceeding.Like a lobster shell, security has layers — review code before you run it.
codevk977actf2d9v6agc92aqxnzsz583hpjylatestvk977actf2d9v6agc92aqxnzsz583hpjyvisualizationvk977actf2d9v6agc92aqxnzsz583hpjy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.