Visual Explainer Main

v1.0.0

Generate beautiful, self-contained HTML pages that visually explain systems, code changes, plans, and data. Use when the user asks for a diagram, architectur...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description align with generating HTML diagrams and visual reviews. However, SKILL.md and the prompt templates repeatedly assume access to git, the GitHub CLI (`gh`), the surf-cli/Gemini image pipeline, and to write/read paths under the user's home (e.g., ~/.agent/diagrams/, ~/.agent/memory/, ~/.pi/agent/memory/). The registry metadata declared no required binaries or config paths, so the skill's declared requirements understate what it actually expects to use.
! Instruction Scope
Runtime instructions direct the agent to run many local shell commands (git diff, git show, grep, wc, gh pr diff, which surf), read entire changed files, and probe agent memory files (~/.agent/memory/*, ~/.pi/agent/memory/*). They also instruct writing files to ~/.agent/diagrams/ and opening them in a browser. Reading agent memory and arbitrary project files is powerful and privacy-sensitive; those accesses are within the stated purpose (code/plan/diff review) but are not explicitly declared in the skill metadata and merit user awareness.
Install Mechanism
There is no install spec (instruction-only) which is lower-risk, but the package includes a Python script (scripts/generate_header.py). The SKILL.md doesn't instruct running that script, but an agent or user could execute it — review the script before running. No external archives or untrusted downloads are used.
! Credentials
The skill declares no required environment variables or credentials, yet its optional image generation path (surf-cli + Gemini) and the use of `gh` may implicitly require credentials or network access. The prompts also reference various home-dir paths (agent memory) that grant access to potentially sensitive conversation history — this level of local access should be explicitly documented and authorized by the user.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills. It writes output to ~/.agent/diagrams/ and opens files in the browser — expected for a renderer. Autonomous invocation is allowed (platform default) but not combined here with other high-risk flags.
What to consider before installing
This skill appears to do what it says (generate styled HTML reviews and diagrams), but review these points before installing:
- The prompts expect to run git and gh commands and to read/write files under your home directory (e.g., ~/.agent/diagrams/, ~/.agent/memory/, ~/.pi/agent/memory/). The registry entry did not declare these config/path dependencies — confirm you are comfortable with the skill reading project files and agent memory.
- Optional image generation uses surf-cli/Gemini if present; that path may require API keys or external network access. If you don't want external image calls, ensure surf-cli is not installed or restrict the agent's network access.
- There is a small Python script included (scripts/generate_header.py). Inspect any bundled scripts before executing them. Because there's no install step, the agent might still execute local code depending on how your agent platform runs skills — verify the platform's execution model.
- If you plan to use diff-review/plan-review/fact-check, test the skill in a sandbox repository first (no secrets, small sample repo) to confirm behavior.
- If you need assurance: ask the skill author for a short list of required binaries (git, gh, surf), explicit config paths the skill reads/writes, and a confirmation of what (if anything) is sent externally when surf is invoked. If unsure, decline installation or restrict the agent's file and network permissions.

Like a lobster shell, security has layers — review code before you run it.

latest vk979e9aqtmhh99ek79j9zt05gd82h960
