Skill v1.0.0

ClawScan security

Draw.io CoderKnock - 智能架构图生成器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 9:37 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what it claims (generate .drawio files, detect and open local Draw.io), but there are a few incoherent/odd bits (a hard-coded user workspace path in simple_test.py and minor manifest/template mismatches) that warrant caution before installing or running.
Guidance
The skill appears to implement its described functionality and is not networked or exfiltrating secrets, but there are small red flags you should review before installing or running it:

- Inspect or remove simple_test.py before running. It writes to a hard-coded path (C:\Users\opens\.openclaw\workspace), which looks like a developer/test artifact and could unexpectedly modify that location if it exists on your system.
- Run generators in a safe/sandboxed workspace (pass --workspace or run from a disposable directory) so generated files land where you expect. Example: python generate_flow.py "My Flow" --workspace /tmp/drawio-test
- Review generated .drawio/.mmd files before opening them in Draw.io if you have strict policies. The scripts write XML to disk and then attempt to open the local draw.io application; opening local binaries is expected, but be cautious on shared systems.
- Verify the repository/source trust (package.json repo URL exists) if you need provenance.

If you require stricter assurance, ask the author to remove test artifacts and confirm the templates included in the published package. If you want, I can point out the exact lines in simple_test.py and suggest a safe edit (e.g., remove the hard-coded path or replace it with a workspace parameter) before you run the package.

Review Dimensions

Purpose & Capability
note: The name/description (Draw.io flow/architecture generator) matches the included code: generators produce .drawio XML and .mmd templates and attempt to open local Draw.io. However, simple_test.py contains a hard-coded path (C:\Users\opens\.openclaw\workspace) that is not justified by the skill's stated purpose and appears to be a leftover/test artifact. Also, SKILL.md/README mention a templates/ folder, but the packaged manifest did not include a templates directory; the code will create one at runtime, which is plausible but worth noting.
Instruction Scope
note: SKILL.md instructs running Python scripts to generate files and will attempt to detect and launch local Draw.io. The runtime instructions and code are consistent: scripts write .mmd and .drawio files, print instructions, and try to open the Draw.io app. There is no code that reads arbitrary system files or environment variables, and no network exfiltration endpoints. The only scope creep is the test script writing to a specific user path outside the usual working-directory behavior.
Install Mechanism
ok: There is no install spec; this is an instruction-and-script-only skill that uses the Python standard library. No downloads or archive extraction are performed by the skill itself, so install risk is low.
Credentials
concern: The skill requires no environment variables or credentials, which is appropriate. The concern is that simple_test.py writes into a hard-coded user-specific path (C:\Users\opens\.openclaw\workspace). Writing into an arbitrary user path without creating directories or asking the caller is unusual and may be unintended. Otherwise there are no credential requests or unnecessary env access.
Persistence & Privilege
ok: The skill does not request persistent/always-on privileges and does not modify other skills or global agent settings. It only writes files into the chosen workspace and tries to launch a local draw.io executable; this is within reasonable scope for the described functionality.