ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Excalidraw Diagram Generator

v1.0.0

Generate Excalidraw diagrams from natural language descriptions. Use when asked to "create a diagram", "make a flowchart", "visualize a process", "draw a sys...

2· 2.5k·24 current·25 all-time
byMorpheous@elihuvillaraus
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the content: the SKILL.md and reference docs focus on producing Excalidraw JSON for many diagram types. No unrelated credentials, binaries, or config paths are required, which is proportionate to the stated purpose.
Instruction Scope
The runtime instructions are procedural and scoped to: parse user intent, extract elements/relationships, and emit Excalidraw JSON using the provided schema. The instructions do not direct the agent to read local files, access environment variables, or transmit data to external endpoints beyond the Excalidraw file format metadata.
Install Mechanism
There is no install spec and no code files to write or execute. This is the lowest-risk model (instruction-only), so nothing will be pulled from external URLs or written to disk by an installer.
Credentials
The skill declares no required env vars, credentials, or config paths. That matches the described capability (generating JSON diagrams) and therefore the requested permissions are proportionate.
Persistence & Privilege
The skill is not marked always:true, is user-invocable, and uses the platform default for autonomous invocation. It does not request persistent system privileges, nor does it instruct modifying other skills or system settings.
Assessment
This skill appears coherent and low-risk: it only contains instructions and reference documentation for producing Excalidraw-format JSON and requests no secrets or installs. Before using: (1) avoid putting sensitive secrets or credentials into diagram descriptions since anything you type into a prompt can appear in the generated file; (2) review any generated .excalidraw JSON before sharing or loading it into external services; (3) because this is instruction-only, future updates to the skill (if code is later added) could change its risk profile—re-check permissions if the skill is updated. Overall, it's reasonable to enable for diagram generation.

Like a lobster shell, security has layers — review code before you run it.

latestvk978eyznkfjqmgnvny8xy4s41d81f7kx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments