Diagram

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a straightforward diagram-generation instruction skill, with only a minor notice that optional image rendering may run an external Mermaid CLI package.

This skill appears safe for normal diagram drafting. Before using image-rendering features, be aware that the documented Mermaid CLI command relies on an external npm package; run it only if you trust that package source and environment.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user asks for an image render, the agent may suggest or use a command that downloads and runs an npm package to create the diagram image.

Why it was flagged

The skill documents an optional command that fetches and runs Mermaid CLI from npm without a pinned version. This is aligned with rendering diagrams, but users should notice and approve external package execution.

Skill content

npx -y @mermaid-js/mermaid-cli mmdc -i diagram.mmd -o diagram.png -b transparent

Recommendation

Only run the rendering command in a trusted environment, and consider pinning the Mermaid CLI version if repeatability or supply-chain control matters.