Mermaid Diagrams
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill is coherent and benign for generating Mermaid diagrams, but it relies on installing and running the external Mermaid CLI.
This skill appears safe for its stated purpose. Before installing, be comfortable with installing the external Mermaid CLI from npm and allowing the agent to run `mmdc` locally to render diagram files.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require adding an external command-line renderer to the user's environment.
The skill depends on a third-party npm CLI installed globally. This is clearly disclosed and central to the purpose, but it means the user must trust that external package.
Install the Mermaid CLI globally: `npm install -g @mermaid-js/mermaid-cli`
Install the Mermaid CLI from the official npm package, consider pinning a trusted version, and avoid running the installer with unnecessary elevated privileges.
The agent may run the local Mermaid renderer when asked to create diagrams.
The skill tells the agent to run a local CLI command to render diagrams. This command execution is expected for the stated purpose and scoped to temporary diagram files.
Render: `mmdc -i /tmp/mermaid-<name>.mmd -o /tmp/mermaid-<name>.png -t dark -b transparent -s 2`
Use the renderer for intended diagram files, keep outputs in temporary or user-approved paths, and do not run it with elevated privileges unless needed.
