ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Diagram Generator

v3.0.0

Use this skill any time the user wants to create diagrams, flowcharts, or visual structures. This includes: architecture diagrams, mind maps, org charts, use...

1· 989·8 current·8 all-time
byAnyGenIO@logictortoise
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (anygen), and required env var (ANYGEN_API_KEY) all directly match the stated purpose of using the AnyGen service to generate diagrams.
Instruction Scope
SKILL.md instructs the agent to authenticate (anygen auth login / API key) and to invoke the AnyGen CLI and an AnyGen workflow skill. These instructions stay within diagram-generation scope. Minor note: it references another skill ('anygen-workflow-generate') and suggests installing it via the AnyGen CLI; that external dependency is not declared in the metadata but is reasonable for operation.
Install Mechanism
Install spec uses a Node/npm package (@anygen/cli) to provide the anygen binary, which is a standard approach. This is moderate-risk compared with instruction-only skills because it installs third-party code from a package registry; it's proportionate to the CLI requirement but users should trust the package and vendor.
Credentials
Only one credential (ANYGEN_API_KEY) is required and declared as the primary credential; that matches the described remote service usage and is proportionate.
Persistence & Privilege
Skill is not forced-always and does not request broad system or cross-skill config access. It does not claim to modify other skills' configs or system-wide settings.
Assessment
This skill appears coherent: it uses the AnyGen CLI and an API key to generate diagrams server-side. Before installing, verify you trust the AnyGen service and the @anygen/cli npm package (check publisher, reviews, and release source). Treat the ANYGEN_API_KEY like any secret: avoid sending sensitive diagrams/data to the service, rotate the key if exposed, and consider creating a scoped key if AnyGen supports it. Note the skill may prompt a browser-based OAuth flow during auth and may install an additional AnyGen workflow skill at run-time as needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk978g0v79d5ya8dqb4a51hnhk583x25k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsanygen
EnvANYGEN_API_KEY
Primary envANYGEN_API_KEY

Install

Node
Bins: anygen
npm i -g @anygen/cli

Comments