Generate Mindmap
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill appears to generate mind maps as advertised, but it can automatically install an unpinned Python package using pip in a way that may modify the user's Python environment.
Review this skill before installing if you do not want tools to modify your Python environment automatically. For safer use, install Pillow yourself in a dedicated virtual environment or use HTML/SVG/XMind outputs that do not require Pillow.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generating image or PDF outputs could download and install code into the local Python environment without a separate confirmation step.
When Pillow is missing, the helper automatically runs pip, suppresses install output, and uses --break-system-packages, which can alter the user's Python environment.
subprocess.check_call([sys.executable, "-m", "pip", "install", "pillow", "--quiet", "--disable-pip-version-check", "--break-system-packages"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
Preinstall Pillow in a virtual environment, or change the skill to prompt before installing, pin the dependency version, and avoid --break-system-packages.
The installed Pillow version depends on what pip resolves at runtime, which can vary over time.
Pillow is a purpose-aligned dependency for image/PDF export, but it is not version-pinned in the visible dependency declaration.
metadata: {"openclaw": {"requires": {"bins": ["python3"], "pip": ["pillow"]}}}Pin Pillow to a reviewed version or provide a lockfile/install spec so users know exactly what will be installed.