ClawHub

Nm Cartograph Data Flow

v1.0.0

Generate Mermaid data flow diagrams showing how data moves between components. Use for tracing requests and API call chains

0· 8·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md describes exploring a codebase, building a structural model, converting it into Mermaid sequence diagrams, and rendering via a Mermaid Chart MCP. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions are scoped to exploring a codebase and generating diagrams, which aligns with the stated purpose. However the step 'Explore [scope]' is broad and could cause the agent to read many repository files; the SKILL.md does not explicitly limit/forbid reading sensitive files (credentials, .env, config), so you should limit the exploration scope in practice and confirm the codebase-explorer agent's permissions.
Install Mechanism
No install spec or code files — instruction-only skill. This is low-risk because nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a diagram-generation skill that transforms code structure into Mermaid.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or elevated platform-wide configuration changes.
Assessment
This skill appears to do what it says and asks for nothing extra, but be cautious about what code you let it 'explore.' When using it, explicitly restrict the exploration scope to the repository or directories you intend (avoid scanning home directories or secrets). Also confirm the permissions of the referenced codebase-explorer agent and that the Mermaid rendering MCP is an internal rendering service (so diagrams and code structure aren't sent to an external endpoint). If you need stricter guarantees, test the skill on a sanitized sample repo first.

Like a lobster shell, security has layers — review code before you run it.

latestvk972r315e2ckytnpeqjpnx9f0h84mcvs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis

Comments