ClawHub

Mermaid Diagrams

v1.0.0

Generate and render diagrams from Mermaid syntax into PNG, SVG, or PDF using customizable themes and various diagram types.

0· 1.6k·13 current·13 all-time
by@jarekbird
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the contents: the SKILL.md and README describe using @mermaid-js/mermaid-cli (mmdc) to render .mmd files. The included package.json only declares a peerDependency on the mermaid CLI. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped: write a .mmd to /tmp, run mmdc to produce PNG/SVG/PDF, return the image and optionally clean up temp files. The SKILL.md and test script only reference local temp files and the mmdc CLI; they do not read other system files, environment variables, or transmit data to external endpoints.
Install Mechanism
This is an instruction-only skill with no install spec. It instructs the user/agent to install @mermaid-js/mermaid-cli via npm (npm install -g). That is a normal dependency for this task, but installing a global npm package pulls code from the public registry — inspect the mermaid-cli package and its postinstall scripts if you have supply-chain concerns.
Credentials
No environment variables, credentials, or config paths are required. The skill only writes to /tmp and invokes mmdc, which is proportionate to rendering diagrams.
Persistence & Privilege
The skill is not always-enabled and does not request elevated/persistent privileges, nor does it modify other skills or system-wide configs. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill appears to do exactly what it says: generate Mermaid diagrams using the mermaid-cli. Before installing or running it, (1) install @mermaid-js/mermaid-cli from the official npm package (or inspect its contents) rather than running random scripts, (2) run the included generate-test.sh in a safe environment to verify mmdc works for you, (3) be aware that npm global installs pull code from the public registry — if you have strict supply-chain policies prefer installing in an isolated environment or using a pinned version, and (4) the skill writes temporary files to /tmp when rendering; nothing in the skill attempts to read secrets or exfiltrate data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a9cs2mfsvqmpsn23gzft399814je6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments