AI Mermaid Diagrams
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherent for generating Mermaid diagrams, but users should notice that rendered diagrams are sent to the external mermaid.ink service.
This skill appears safe for ordinary diagram generation. Before using it for proprietary architecture, network topology, authentication flows, or security diagrams, be aware that the Mermaid source is sent to mermaid.ink for rendering and saved under the workspace diagrams directory.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Diagram text may be transmitted to a third-party rendering service, even if the output file is saved locally.
The skill renders diagrams by sending base64-encoded Mermaid content to the external mermaid.ink service. This is disclosed and purpose-aligned, but architecture or authentication diagrams may contain sensitive system details.
curl -s "https://mermaid.ink/img/${ENCODED}?bgColor=white&width=2048"Avoid including secrets or confidential infrastructure details in diagrams sent to mermaid.ink; use a local Mermaid renderer if diagrams are sensitive.
The skill may require common command-line tools and outbound network access even though the metadata does not declare them.
The registry metadata declares no required binaries or install step, while the SKILL.md workflow uses shell utilities such as mkdir, base64, and curl. This is a minor dependency declaration gap rather than a hidden behavior.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Confirm the environment has the needed utilities and that outbound access to mermaid.ink is acceptable before using the skill.