PM Toolkit - Excalidraw - "Messy Thoughts" to "Visual Spec" in 30 seconds.
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears benign: it uses a bundled Python script to turn user-provided PM notes into a local Excalidraw file, with no credentials, network access, or persistence shown.
This skill is reasonable to install if you are comfortable running a small bundled Python script that reads a temporary JSON file and writes a local Excalidraw diagram. Use a safe output folder and review the generated diagram before sharing it.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill means allowing a local helper script to run and create files on the machine.
The skill directs the agent/user to execute a bundled local Python script and write an output diagram file. This is expected for the stated purpose and the visible code uses local JSON/file operations rather than network or credential access.
python3 skills/pm-visualizer/scripts/layout_diagram.py temp_visual_data.json ~/Downloads/Documents/PM_Visuals/Output_Name.excalidraw
Keep the output path in a normal user-writable folder and review generated files before sharing them.
Users must rely on the provided artifact contents rather than an external project page or repository for trust context.
The skill includes runnable local code but does not provide an external source or homepage for provenance. The referenced script is included in the artifact set and no remote install, unpinned package, or hidden dependency is shown.
Source: unknown; Homepage: none
Review the bundled script before use if provenance matters in your environment.