PlantUML
PassAudited by ClawScan on May 12, 2026.
Overview
This skill is a straightforward PlantUML diagram renderer, but users should ensure the local PlantUML jar, Java, and Graphviz tools it relies on are trusted.
Before installing, make sure `~/tools/plantuml.jar`, Java, and Graphviz come from trusted sources. Expect the skill to create PlantUML source files, run the local renderer, and place generated images in OpenClaw's outbound media directory for sending.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the local PlantUML jar or supporting tools are untrusted or tampered with, rendering diagrams would run that code locally.
The skill depends on locally installed executable components that are not installed, pinned, or provenance-checked by the supplied artifacts.
- **PlantUML jar:** `~/tools/plantuml.jar` - **Graphviz:** Required for most diagram types. - **Java:** Required runtime.
Install PlantUML, Java, and Graphviz from trusted sources and verify the jar path before using the skill.
Using the skill will execute the local PlantUML renderer on diagram files and create output images.
The helper script invokes a local Java process to render the selected PlantUML file, which is expected for this skill's purpose.
cmd.extend(["-jar", PLANTUML_JAR]) ... result = subprocess.run(cmd, capture_output=True, text=True)
Use it for files you intend to render, and keep the local renderer dependency trusted and up to date.