drawio-generator

Pass

Audited by ClawScan on May 1, 2026.

Overview

This looks like a straightforward draw.io link generator, with the main caution that diagram content is embedded into an external diagrams.net URL.

This skill appears safe for ordinary diagram generation. Before installing, be comfortable with running the included Python helper and avoid including secrets or sensitive internal details in diagrams that will be opened or shared through diagrams.net.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a local Python command with the user's diagram text, but the included script is small, standard-library-only, and does not show file writes, credential access, or background activity.

Why it was flagged

The skill requires executing an included local Python helper. This is disclosed and central to generating the draw.io URL.

Skill content

Run the script `scripts/generate_drawio_url.py` ... `python scripts/generate_drawio_url.py -t mermaid -c "graph TD\n    A --> B"`

Recommendation

Use it only when local helper execution is acceptable, and keep the command input limited to the diagram content you want converted.

What this means

Opening or sharing the generated link may expose the diagram content to the browser session, anyone with the link, and the external diagrams.net application.

Why it was flagged

The generated markdown link points to the external diagrams.net app and includes the encoded diagram data in the URL fragment.

Skill content

payload = json.dumps({"type": diagram_type, "compressed": True, "data": data})
url = f"https://app.diagrams.net/?pv=0&grid=0#create={quote(payload, safe='')}"

Recommendation

Avoid putting secrets, credentials, or highly sensitive architecture details in diagrams unless you are comfortable opening them through diagrams.net.