Skill v1.0.0

ClawScan security

Mermaid Image Uploader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 3, 2026, 4:55 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it says (convert Mermaid diagrams and upload images), but there are several inconsistencies and small red flags (hidden control characters in SKILL.md, an unexplained hardcoded API key, inaccurate install instructions, and documentation claiming support for Cloudinary although code doesn't implement it) that merit human review before installation.
Guidance
This skill appears to implement Mermaid-to-image conversion and uploaders and is mostly coherent with its description, but take these precautions before installing or running it:
- Inspect SKILL.md and README for hidden control characters and remove them. The scanner found unicode control characters, which can hide or obfuscate instructions.
- Review and remove or explain the hardcoded FreeImage key in image_host_uploader.py; do not assume it is safe to keep or use for sensitive content.
- Don't upload diagrams that contain secrets or private data: the tool transmits images (and, via Kroki, compressed diagram content) to third-party services (kroki.io, freeimage.host, postimages.org, api.imgur.com), so uploaded content becomes visible to those services.
- The docs contain an incorrect install command ('pip install mermaid-cli' is wrong) and mention Cloudinary support that isn't implemented; treat the documentation as imperfect and verify dependencies (install @mermaid-js/mermaid-cli via npm if you need local mmdc).
- If you want stronger assurance, run the code in an isolated environment or sandbox, monitor network calls when converting/uploading, and consider replacing/rotating the hardcoded key or using your own image-host credentials.
If you want, I can list the exact lines where the hardcoded key and the unicode control characters appear, or produce a cleaned copy of SKILL.md and point out the Cloudinary references that don't match the code.
Findings
[unicode-control-chars] unexpected: Hidden/unicode control characters were detected in SKILL.md. These are not necessary for a conversion/uploader guide and can be used to obfuscate text or inject hidden instructions. The file should be opened in a hex/visible-control-char viewer and the hidden characters removed or explained.

Review Dimensions

Purpose & Capability
note: Name/description match the code: converter + uploader for multiple image hosts. Implemented hosts: FreeImage.host, Postimages, Imgur; conversion methods: Kroki, mermaid-cli, HTML. Minor inconsistencies: SKILL.md and README mention Cloudinary as supported (and show a table), but there is no Cloudinary implementation in image_host_uploader.py. The uploader contains a hardcoded public key value for FreeImage.host (data {'key': '6d207e02...'}), plausible as a demo key but unexplained in the docs. The overall capability set is consistent with the stated purpose, but the Cloudinary mention and the hardcoded key are unexplained and worth checking.
Instruction Scope
concern: Runtime instructions are largely scoped to installing conversion dependencies and using the CLI/Python API. However, SKILL.md contains a detected 'unicode-control-chars' pattern (hidden/obfuscated characters) which can hide text or alter how instructions appear; this is unexpected and should be inspected. SKILL.md also suggests 'pip install mermaid-cli requests', which is incorrect for mermaid-cli (the package is a Node tool, @mermaid-js/mermaid-cli via npm / mmdc), indicating sloppy or incorrect instructions. The skill will send data (diagram images, or compressed encoded diagrams via Kroki) to external services (kroki.io, freeimage.host, postimages.org, api.imgur.com); this is expected for its purpose, but it means uploaded diagrams are transmitted to third-party hosts (privacy consideration).
Install Mechanism
ok: No install spec in registry (instruction-only), and the code itself does not download or execute remote installers. Dependencies are typical (requests, optional mermaid-cli). There is no remote arbitrary download/extract in an install script. The incorrect pip/npm guidance in the docs is a documentation error but does not create an install-time code-execution risk beyond normal dependency installation.
Credentials
note: The skill requests no environment variables or platform credentials. It uses a hardcoded FreeImage demo key in image_host_uploader.py and accepts an API key/client id parameter for Imgur via CLI arguments. There are no unrelated credential requests (no AWS/GitHub tokens, etc.). The hardcoded key is questionable (why include a key in source?) and should be validated or removed; otherwise environment/credential access is proportional to the stated purpose.
Persistence & Privilege
ok: Registry flags: always=false, normal invocation allowed. The skill does not request persistent or elevated system privileges, does not modify other skills' configs, and does not attempt to enable itself permanently. No persistence or privilege escalation detected in the files.