Skill v1.0.0
ClawScan security
Mindmap Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 18, 2026, 12:32 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill largely does what it claims (render Mermaid mindmaps and send them to Telegram), but it contains clear inconsistencies around required environment variables and runtime dependencies that you should resolve before installing.
- Guidance: This skill appears to do what it says (generate Mermaid mindmaps and send them to Telegram), but there are a few important inconsistencies and operational notes you should consider before installing or enabling it:
  - TELEGRAM_BOT_TOKEN is required at runtime (used in the scripts and README) but is not declared in the skill metadata or SKILL.md. Do not run the skill until you are ready to provide a token for a bot you control, and treat that token as sensitive.
  - The skill declares node and npx as required binaries. It also calls curl and may rely on a local or global mmdc binary; if mmdc is not installed it runs 'npx -y @mermaid-js/mermaid-cli', which downloads packages from the npm registry at runtime. If you have supply-chain concerns, pre-install @mermaid-js/mermaid-cli in a controlled environment rather than letting npx fetch it.
  - All rendered images and any fallback text are sent to Telegram via the Bot API. Anything the agent includes in the mindmap (meeting notes, transcripts, or other context) is transmitted to Telegram's servers. If the data is sensitive, use a private bot and chat or avoid sending it through Telegram at all.
  - SKILL.md instructs the agent to draw on calendar, memory and voice-transcript context; make sure you are comfortable with the agent exposing those contexts to the bot-mediated delivery channel.
  - Operational recommendations: update the skill metadata to declare TELEGRAM_BOT_TOKEN and list curl as a dependency; run the scripts in a sandboxed environment first; verify the bot token's scope and that the bot only has access to the chats you expect; and, if you prefer, pre-install mermaid-cli to avoid runtime npx installs.
  Given these inconsistencies (an undeclared required env var and an undeclared runtime dependency), treat this skill as suspicious until the manifest is corrected and you have confirmed your deployment policy for runtime npm downloads and Telegram bot usage.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (render Mermaid mindmaps and deliver PNGs to Telegram) matches the scripts and README: Node/npm (mermaid-cli) for rendering and the Telegram Bot API for delivery. However, the skill metadata and SKILL.md declare only node and npx as required binaries and list no environment variables, while the scripts and README clearly require TELEGRAM_BOT_TOKEN and also call curl. Omitting the bot token from the declared requirements is a material mismatch.
- Instruction Scope (note): SKILL.md instructs the agent to extract hierarchical structure from user input, memory, calendar data and optional transcripts, which is expected for a 'Chief of Staff' mindmap generator. All described network activity goes to the Telegram Bot API (sendPhoto/sendMessage) and, when mermaid-cli is not present, to npm via npx. The instructions do not ask the agent to read unrelated secrets or system files, but they do assume access to agent memory and calendar context. The fallback path posts raw Mermaid text to Telegram, so be aware that it transmits whatever text the agent generated or received.
- Install Mechanism (note): There is no install spec (instruction-only), which reduces upfront install risk. At runtime render_mindmap.sh prefers a local or global mmdc binary and otherwise runs 'npx -y @mermaid-js/mermaid-cli' to auto-install mermaid-cli. Auto-install via npx means code is fetched from the npm registry during execution, which is expected for this use case but is a moderate runtime supply-chain consideration.
- Credentials (concern): The declared 'required env vars: none' is inconsistent with the code and README: the scripts need TELEGRAM_BOT_TOKEN (or a bot token passed in) to send images and messages. The skill requests no unrelated credentials and uses no other external credentials, but failing to declare the Telegram token is a notable omission that affects safety and installation planning.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills. It runs on demand, and its scripts do not modify system-wide agent configuration. Temporary files are written to /tmp with timestamped names and are removed afterwards; no persistent privileges or always-on behavior are requested.
