ISAI Mermaid Diagrams
v1.0.0Generate architecture diagrams (network, system, cloud, microservices) and sequence diagrams (API flows, auth flows, data flows) as PNG files using Mermaid....
⭐ 0· 186·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the instructions: the SKILL.md explains how to generate Mermaid (.mmd) files and render them to PNG via a renderer. The required capabilities (none) are proportionate. One minor mismatch: the instructions use a hardcoded path (/home/bcaddy/.openclaw/workspace/diagrams/) which assumes a specific username/environment and may not exist on all hosts.
Instruction Scope
Runtime instructions explicitly transmit the Mermaid source (base64-encoded) to https://mermaid.ink/img/ via curl. That is functionally required to render remotely but means any diagram content (which may include internal architecture, IPs, or secrets if present in labels) is sent to a third party. The skill does not request other unrelated files or credentials.
Install Mechanism
Instruction-only skill with no install spec or bundled code; nothing is written to disk by an installer. Lower install risk.
Credentials
The skill does not request environment variables or credentials (good). It does rely on an absolute filesystem path (/home/bcaddy/...); that is unnecessary to require a specific home directory and could cause failures or unexpected file placements in different environments.
Persistence & Privilege
always is false and the skill has no install script, no permissions or persistence requested, and does not modify other skills or global settings.
Assessment
This skill appears to do what it says: create .mmd and render PNGs. Important things to consider before installing/using:
- Privacy: Rendering is done by posting the base64-encoded Mermaid source to mermaid.ink. Do not use this skill to render diagrams that contain secrets, credentials, internal hostnames/IPs, or other sensitive information unless you are comfortable sending them to that external service. Consider sanitizing diagrams first.
- If you need offline or private rendering, install/use the official mermaid-cli (mmdc) locally or host your own Mermaid rendering endpoint and change the curl target to that host.
- Path: The SKILL.md hardcodes /home/bcaddy/.openclaw/workspace/diagrams/. Ensure the agent's runtime user has a writable workspace, or update the path to your environment. The example base64 command uses GNU base64 flags (-w 0) which may differ on non-Linux systems (macOS's base64 uses -b on some builds); adjust accordingly.
- Trust and retention: Review mermaid.ink's privacy policy/retention practices if you plan to render sensitive diagrams.
If you accept the above (i.e., you will not send sensitive diagrams to a public renderer or you will self-host), the skill is coherent and reasonable to use. If you require strict confidentiality, consider switching to a local renderer before using this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk972n5mmeq5f4sp093334hm6mn82vg8q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.