Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Prompt to Drawio
v0.1.0Generate and edit draw.io artifacts from natural-language prompts without a frontend. Use when the user asks for prompt-to-diagram workflows that need `.draw...
⭐ 0· 177·0 current·0 all-time
byZhaofeng@lzfxxx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with what the code and SKILL.md do: generate/edit/export draw.io diagrams, ingest local files/URLs, lookup shape libraries, and run optional LLM-driven validation. Expected environment variables (API keys) are documented for standalone CLI mode.
Instruction Scope
Runtime instructions and the script ingest local files (text/pdf/image), fetch URLs, and by default auto-load the nearest .env upward from the current working directory. Those behaviors are within the declared functionality, but auto-loading a project .env and reading arbitrary context files means secrets or other sensitive project values can end up in the environment or be sent to remote model endpoints unless the user explicitly opts out.
Install Mechanism
No install spec in the registry (instruction-only). README suggests GitHub cloning or npx installer, and the script references public GitHub raw URLs for shape libraries and standard Docker image jgraph/drawio as fallback. No opaque external download URLs or extract-from-arbitrary-IP patterns were found.
Credentials
The skill does not require credentials to be declared up-front, but the CLI supports/looks for DRAWIO_LLM_API_KEY, OPENAI_API_KEY and several related vars and will auto-load a nearby .env into the process environment. Auto-loading .env files (without explicit --no-dotenv) can pull unrelated secrets (AWS keys, DB passwords, etc.) into the process. This is plausible for a CLI that needs an LLM key, but the default upward-search dotenv behavior is a proportionality risk if the user is not aware.
Persistence & Privilege
Skill is not marked always:true and does not declare system-wide configuration changes. It reads/writes files the user requests (out-drawio/out-image/backup) and prints a startup config summary; no evidence of modifying other skills or agent-wide settings.
What to consider before installing
This skill appears to do what it claims (generate/edit/export draw.io diagrams using an LLM), but take these precautions before installing or running it:
- Be aware the CLI auto-loads the nearest .env (searches upward) by default and will populate process env vars. If you have sensitive secrets in a project .env, those may be read and (if used as input) sent to the model endpoint. Run with --no-dotenv or set DRAWIO_DOTENV_FILE explicitly to avoid accidental loading.
- The tool will ingest local files and URLs you pass with --file/--url and send their content to the model provider. Do not pass files that contain secrets or sensitive data unless you trust the provider.
- Check the startup configuration summary the script prints (it masks keys but reports presence) to verify which key/base URL will be used.
- If you plan to run inside an agent (in-session LLM mode), prefer that mode so the script does not need an external API key.
- Review and/or run the included script in a controlled environment first (no sensitive .env nearby) to confirm behavior. If you are uncomfortable with automatic .env loading, always use --no-dotenv and provide keys explicitly via secure means.
If you want, I can highlight the exact lines in the script that implement .env auto-loading, dotenv precedence, and the network fetches so you can review them more easily.Like a lobster shell, security has layers — review code before you run it.
latestvk975ekj0eg3ww0ka3v7p9ys54582s47z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.