Excalidraw Flowchart
Security checks across malware telemetry and agentic risk
Overview
The skill generally matches its stated purpose (creating Excalidraw flowcharts), but its runtime instructions contain unexplained, hard-coded local paths, ask you to run an unreviewed npm CLI (npx), and allow reading arbitrary local assets — these inconsistencies merit caution before installing or running.
Plainly: this skill appears to do what it says (generate Excalidraw diagrams) but contains two red flags you should consider before installing or running it:
1) it asks you to run an npm CLI (npx @swiftlysingh/excalidraw-cli) — npx runs package code from the registry at runtime, so only run it if you trust the package/author and have reviewed the package source;
2) the instructions require a hard-coded render script (node ~/clawd/skills/excalidraw/scripts/render.js) and allow embedding images/sticker libraries from local paths, which means the skill as written will attempt to read or execute files on the host that are not included in the skill bundle.
Recommendations:
- Inspect the npm package and the GitHub repo (https://github.com/swiftlysingh/excalidraw-skill and the referenced @swiftlysingh/excalidraw-cli) before using npx.
- Do not run npx or npm install globally from an unreviewed package; prefer installing in a sandbox or reviewing the package code first.
- Check whether ~/clawd/skills/excalidraw/scripts/render.js exists and inspect it; if not present, modify the workflow to use a renderer provided by the CLI or a known headless renderer.
- Be cautious about DSL image or @library directives that reference local paths — they can cause the agent to read local files.
- If you want lower risk, ask the skill author to include a clear, self-contained rendering mechanism (or an option that only returns the .excalidraw file for manual review) and to remove hard-coded host-specific paths.
Additional information that would reduce concern: the actual render script included in the repository or a statement that the CLI provides a built-in, safe renderer (and a link to the npm/GitHub source) so you can review it.
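The two checks recommended above (install-time hooks in the npm package, and DSL directives pointing at host paths), as an added Python example; this is not code from the skill or its CLI. The package.json and DSL text are constructed samples, and the image/@library directive syntax is an assumption, since the page does not show the skill's grammar.

```python
"""Pre-run checks for a skill that shells out to npx and embeds local assets.
Added example; not code from the Excalidraw skill or its CLI."""
import json
import re

# Scripts npm runs automatically on install; npx installs the package into
# its cache before running the CLI, so these execute before any CLI code.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Path shapes that would make the agent read files outside the skill bundle.
LOCAL_PATH = re.compile(r"(?:^|\s)(file://\S+|~/\S+|/\S+|\.\.?/\S+)")

# Constructed sample manifest, NOT the real @swiftlysingh/excalidraw-cli one.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "@swiftlysingh/excalidraw-cli",
    "version": "0.0.0-sample",
    "bin": {"excalidraw-cli": "bin/cli.js"},
    "scripts": {"build": "tsc", "postinstall": "node scripts/setup.js"},
})

# Constructed DSL sample; the directive syntax (image <src>, @library <src>)
# is an assumption, the page does not show the skill's grammar.
SAMPLE_DSL = """\
node start "Begin"
image ~/Pictures/logo.png at 10,10
@library /Users/me/stickers.excalidrawlib
image https://example.invalid/remote.png
"""


def lifecycle_scripts(package_json_text: str) -> dict:
    """Return install-time hooks declared in package.json (empty if none)."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in LIFECYCLE_HOOKS}


def local_references(dsl_text: str) -> list:
    """Flag image/@library directives whose source is a host-local path.
    Returns (line number, path) pairs; remote URLs are not reported."""
    hits = []
    for lineno, line in enumerate(dsl_text.splitlines(), 1):
        words = line.split()
        if not words or words[0] not in ("image", "@library"):
            continue
        hits.extend((lineno, m.group(1)) for m in LOCAL_PATH.finditer(line))
    return hits


if __name__ == "__main__":
    print(lifecycle_scripts(SAMPLE_PACKAGE_JSON), local_references(SAMPLE_DSL))
```

Run lifecycle_scripts on the manifest extracted from `npm pack --ignore-scripts` output, and local_references on any DSL before the agent hands it to the renderer.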
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
No VirusTotal findings
