api-sequence-diagram
v1.0.0根据指定的Java接口(Controller方法/API路径)分析完整调用链路,生成Mermaid时序图,标注关键判断节点、异常处理分支和业务逻辑。当用户要求分析接口调用链路、生成时序图、分析接口流程、查看接口调用关系时使用。
⭐ 0· 54·0 current·0 all-time
byL@lijie012
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (generate sequence diagrams for Java APIs) matches the instructions: locate controller/service/mapper code, follow calls, inspect annotations/SQL, and produce Mermaid output. There are no unrelated environment variables, binaries, or external services required.
Instruction Scope
Instructions rely on workspace code-search helpers (search_symbol, grep_code, read_file) and explicitly instruct reading controllers, services, mapper XML, annotations, and other source files up to 4 layers deep. This stays within the stated purpose, but it necessarily requires full read access to the codebase — so the skill will examine any repository files it can access (which could include secrets unrelated to the API analysis).
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded. This is the lowest-risk install model.
Credentials
The skill declares no environment variables, credentials, or config paths. The runtime instructions do not request secrets or external service tokens. The only required capability is reading repository/source files, which is appropriate for static code analysis.
Persistence & Privilege
always is false and the skill does not request permanent system presence or modify other skills/config. It uses the platform's normal code-search/read tools; autonomous invocation is allowed by default but not unique to this skill.
Assessment
This skill appears to do what it says — it will read your Java source files, mapper XML, and annotations to trace call chains and build Mermaid diagrams. Before installing or running it, confirm you are comfortable granting the agent read access to the repository (the skill could encounter any sensitive data present in code or config). Also review generated findings for correctness (the skill interprets business semantics automatically and may mislabel intent). If you want to limit exposure, run it on a sanitized or sample codebase rather than a repo containing secrets or unrelated proprietary data.Like a lobster shell, security has layers — review code before you run it.
latestvk97019h2yxwbxmrt01d9mhc19584crt5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.