plantuml-render
PassAudited by ClawScan on May 8, 2026.
Overview
This skill is a straightforward PlantUML renderer, but users should verify the missing PlantUML JAR and Java dependency before using it.
Before installing, confirm you trust the PlantUML JAR you will use and that Java is available. The artifacts do not show malicious behavior, but the missing JAR means the main executable dependency was not reviewed.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not work until a PlantUML JAR is added, and an untrusted JAR could execute code locally.
The script expects a PlantUML JAR beside the script, but the provided file manifest includes only SKILL.md and scripts/plantuml.py. Users must supply or locate the JAR separately, so its provenance is not reviewed here.
JAR_PATH = os.path.join(os.path.dirname(__file__), "plantuml.jar")
Use an official PlantUML JAR from a trusted source and verify Java is installed before running the skill.
Using the skill runs a local Java process to render diagrams.
The renderer intentionally invokes Java to run PlantUML. This is expected for the stated purpose, but it is still local command execution.
cmd = ["java", "-jar", JAR_PATH, f"-t{fmt}"]Only run it with trusted PlantUML files and a trusted PlantUML JAR.