Draw.io Diagram Generator And Exporter
v3.0.2**Use this skill** when the user wants to create any diagram: flowchart, architecture, UML (sequence/class), ER, mindmap, network topology, or any visual dia...
⭐ 0· 232·0 current·0 all-time
byBruce Van@brucevanfdm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the content: the SKILL.md instructs the agent to generate draw.io XML, save a .drawio file, and export via the draw.io (diagrams.net) desktop CLI. However, the skill metadata does not declare the draw.io CLI or any required binary dependency — the runtime instructions explicitly call a local CLI but the skill's requirements list no required binaries. The absence of that declared dependency is a minor incoherence (likely an oversight) but should be corrected/confirmed.
Instruction Scope
Instructions stay within the stated purpose: they describe how to produce well-formed draw.io XML, layout rules, write the .drawio file to the user's working directory, self-review the XML, and use the draw.io desktop CLI to export images. The only scope-related points to watch are (1) the skill writes files into the user's working directory — confirm where exactly and that the agent has permission to do so; and (2) the skill expects to invoke a local CLI binary (which can run arbitrary native code), so verify that the binary invoked is trustworthy and present. The SKILL.md does not instruct the agent to read unrelated sensitive files or environment variables.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes install-time risk. Nothing is downloaded or written to disk by the skill package itself.
Credentials
The skill requests no environment variables, no credentials, and no configuration paths. This is proportional to the described functionality (local XML generation and optional local CLI export).
Persistence & Privilege
The skill is not marked always:true and does not request persistent presence or modification of other skills' configuration. Autonomous invocation is enabled (the platform default) but that is expected for skills and not by itself a reason to distrust this skill.
Assessment
This skill appears to do what it says (generate draw.io XML and export diagrams), but before installing: 1) Confirm that you actually have the draw.io / diagrams.net desktop CLI installed and that the skill metadata or author documents the exact command the agent will run; if not present the export step will fail. 2) Verify the export binary path and trust the binary (a malicious or replaced CLI could run arbitrary native code). 3) Check and control where the agent will write files (it saves .drawio files to your working directory); avoid running in directories containing sensitive secrets. 4) Prefer the skill metadata to explicitly declare required binaries and exact CLI commands so you can audit them. 5) If you need stronger isolation, test the skill in a sandboxed environment first (or request the author add an explicit dependency declaration and usage examples).Like a lobster shell, security has layers — review code before you run it.
latestvk97fm4s4tmqdqrj1nq8512nded8385e1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.