Skillv1.0.0

ClawScan security

Mermaid Diagram Generation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMay 3, 2026, 1:52 AM

Verdict: Benign
Confidence: medium
Model: gpt-5.5
Summary: This appears to be an instruction-only Mermaid diagram helper with no code, install step, credentials, or data access shown.
Guidance: This skill looks safe for generating Mermaid diagrams from user prompts. As with any diagramming helper, review generated diagrams before sharing them if they contain private architecture, business, or project details.
Findings: [capability:crypto] unexpected: A crypto capability signal is listed, but the supplied artifacts show no cryptographic operations, code, credentials, or related workflow; it appears unsupported by the reviewed content. [capability:can-make-purchases] unexpected: A purchase capability signal is listed, but the artifacts show no payment API, account access, tool use, or purchase instructions; visible payment wording is only part of diagram examples.

Purpose & Capability: okThe visible artifacts describe generating Mermaid syntax and reference examples, which matches the skill description. The listed capability signals for crypto and purchases are not supported by any executable code or payment/crypto workflow in the provided artifacts.
Instruction Scope: okThe instructions focus on formatting Mermaid code blocks and diagram syntax; they do not ask the agent to override user intent, invoke tools, access files, contact services, or perform account actions.
Install Mechanism: okNo install specification, code files, required binaries, environment variables, or credentials are present.
Credentials: okThe skill does not request local system access, network access, browser/session data, or external API access, which is proportionate for a diagram-generation helper.
Persistence & Privilege: okNo persistence, background process, privilege escalation, credential use, or memory behavior is shown.