Back to skill
Skillv1.0.0
VirusTotal security
AI Mermaid Diagrams · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 8:02 AM
- Hash
- 50fe25568d14a489d95ab598207d2340f78610260e9b1b6c94df96b3ce4bf265
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-mermaid-diagrams Version: 1.0.0 The skill provides instructions for the agent to execute shell commands (`cat`, `base64`, `curl`) to transmit file contents to an external third-party service (mermaid.ink) for rendering. While this is functionally necessary for the stated purpose of generating diagrams without a local renderer, it creates a high-risk pathway for data exfiltration if the agent is manipulated into processing sensitive files instead of Mermaid code. The skill also relies on hardcoded absolute paths for a specific user directory (/home/bcaddy/), which is a common indicator of poorly scoped or environment-specific scripts.
- External report
- View on VirusTotal