Diagram

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user asks for an image render, the agent may suggest or use a command that downloads and runs an npm package to create the diagram image.

Why it was flagged

The skill documents an optional command that fetches and runs Mermaid CLI from npm without a pinned version. This is aligned with rendering diagrams, but users should notice and approve external package execution.

Skill content

npx -y @mermaid-js/mermaid-cli mmdc -i diagram.mmd -o diagram.png -b transparent

Recommendation

Only run the rendering command in a trusted environment, and consider pinning the Mermaid CLI version if repeatability or supply-chain control matters.