Swimlane Arch
PassAudited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill Name: swimlane-arch-skill Version: 1.1.6 The skill bundle is a legitimate utility for generating Draw.io XML diagrams (swimlanes and architecture charts) from natural language descriptions. The instructions in SKILL.md and README.md are focused on diagram logic, color schemes, and structural formatting. While it supports an optional integration with the ProcessOn API (via open.pingcode.com), this is a documented feature for cloud-based diagramming and does not exhibit signs of unauthorized data exfiltration or malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is configured, the agent may use that ProcessOn-related account to create or upload diagram content.
The skill can use an API key from the environment to act against a third-party diagram service. This is aligned with the optional ProcessOn feature, but users should know that an account credential may be used.
如用户配置了 ProcessOn API Key(环境变量 `PROCESSON_API_KEY`),则优先调用 ProcessOn API
Only configure PROCESSON_API_KEY if you want cloud generation; otherwise leave it unset and use the default Draw.io XML output.
Private process or architecture information included in a diagram could be sent to the external ProcessOn/PingCode API when the API key is present.
The skill discloses an external cloud API upload path for generated diagrams. This is purpose-aligned, but diagram content may include business processes or architecture details.
调用 `POST https://open.pingcode.com/v1/graph` 上传并生成图片 ... 返回 ProcessOn 在线链接
For confidential diagrams, request local Draw.io XML output or ensure you are comfortable with the third-party service receiving the diagram content.