ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

generate mermaid diagrams

v1.0.0

Generate consistent, template-based Mermaid diagrams for technical content. Supports 12 diagram types (architecture, flowchart, sequence, concept-map, radial...

0· 710·0 current·0 all-time
byChunhua Liao@chunhualiao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, templates, and scripts all align with generating Mermaid diagrams and validating them. However, the generator expects template files named *.mmd while the repository's assets are named *.mmd.txt — an internal inconsistency that will likely break generation unless files are renamed or the code adjusted.
Instruction Scope
Runtime instructions explicitly tell a subagent to read user content (chapter files), create content.json, render templates, and validate output. Reading project content is necessary for this purpose. The instructions do not ask for unrelated system files, credentials, or external endpoints.
Install Mechanism
No registry install spec is declared, but an install script (scripts/install-deps.sh) will globally install @mermaid-js/mermaid-cli via npm and requires Node >=18. Global npm installs can require elevated privileges on some systems and modify global state; this is expected for mermaid-cli but is an operational risk to be aware of.
Credentials
The skill requests no environment variables, credentials, or config paths. Scripts run local commands and read/write files under specified directories only, which is proportionate to diagram generation.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or system-wide privileges beyond optionally installing a global npm package. It does not modify other skills or global agent settings.
What to consider before installing
This skill appears to be what it claims (Mermaid diagram generation), but there are a few practical issues to check before installing: - Template filename mismatch: generate.mjs expects templates named <template>.mmd but the included assets are <template>.mmd.txt. Either rename the asset files to *.mmd or update the script to read .mmd.txt; otherwise generation will fail. - Dependency installation: The recommended install script performs a global npm install of @mermaid-js/mermaid-cli and requires Node >= 18. Global npm installs can require elevated permissions and modify your global environment — run the script in a controlled environment or adjust to a local install (npm install --prefix . @mermaid-js/mermaid-cli) if you prefer. - Local file access: The subagent pattern and scripts read project files (chapter markdown) and write .mmd/.svg/.png files to output directories. This is expected, but confirm you are comfortable with the skill reading the directories you point it at. - Test in isolation: Run the provided test commands (npm run test:semantic and test:render) in a sandbox or throwaway project to confirm behavior. Inspect and/or run scripts with --dry-run or limited inputs first. If you fix the filename mismatch and are okay with a global or local mermaid-cli install, the skill is coherent and usable. If you cannot verify these changes, treat it as untrusted or run it in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk972d75tq2tfrh6tx78zsv2yy5818fs2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments