plantuml-render

Pass

Audited by VirusTotal on May 8, 2026.

Overview

Type: OpenClaw Skill
Name: plantuml-render
Version: 1.0.0

The skill is a straightforward utility for rendering PlantUML diagrams into images. The Python script (scripts/plantuml.py) uses subprocess.run safely to execute a local JAR file, and the instructions in SKILL.md are consistent with the stated functionality, despite containing a hardcoded local path in an example command.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may not work until a PlantUML JAR is added, and an untrusted JAR could execute code locally.

Why it was flagged

The script expects a PlantUML JAR beside the script, but the provided file manifest includes only SKILL.md and scripts/plantuml.py. Users must supply or locate the JAR separately, so its provenance is not reviewed here.

Skill content

JAR_PATH = os.path.join(os.path.dirname(__file__), "plantuml.jar")

Recommendation

Use an official PlantUML JAR from a trusted source and verify Java is installed before running the skill.

What this means

Using the skill runs a local Java process to render diagrams.

Why it was flagged

The renderer intentionally invokes Java to run PlantUML. This is expected for the stated purpose, but it is still local command execution.

Skill content

cmd = ["java", "-jar", JAR_PATH, f"-t{fmt}"]

Recommendation

Only run it with trusted PlantUML files and a trusted PlantUML JAR.