ClawHub

Draw.io Skill

v1.0.1

Create and edit draw.io diagrams through the configured drawio MCP server, including flowcharts, architecture diagrams, ML model diagrams, Chinese labels, an...

0· 132·1 current·1 all-time
by@yyq2024
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the contents: the SKILL.md instructs the agent how to interact with a drawio MCP server (start_session, get_diagram, create_new_diagram, export, etc.). There are no unrelated credentials, binaries, or services requested that would be inconsistent with a draw.io integration.
Instruction Scope
Runtime instructions stay within the expected scope: they describe MCP commands, diagram creation/edit/export workflows, naming conventions, and language/visual rules. The skill does not instruct the agent to read unrelated files, exfiltrate data, call external endpoints beyond the configured MCP server, or access system secrets.
Install Mechanism
No install spec is provided (instruction-only), so nothing is automatically downloaded or written to disk. The README suggests an optional npx command to add a drawio MCP server, but that is a user action and not executed by the skill itself.
Credentials
The skill declares no required environment variables, no config paths, and no credentials. This is proportionate to an instruction-only skill that expects a pre-configured drawio MCP server.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system privileges. agents/openai.yaml sets allow_implicit_invocation: true (permits autonomous invocation), which is normal for skills and acceptable here given the limited scope and lack of sensitive access.
Assessment
This skill appears coherent and self-contained, but before installing or using it: 1) ensure you already have or will configure a trusted drawio MCP server — the skill depends on that server and the README suggests installing @next-ai-drawio/mcp-server via npx (verify the package and source before running npx). 2) Be aware exported files are written to the current workspace by default—confirm your workspace path and permissions. 3) allow_implicit_invocation is enabled in the agent config (normal), so the agent may call the MCP tool autonomously; if you have strict policies about automatic tool use, adjust agent settings. 4) If you plan to use a third-party MCP server, verify its network endpoints and trustworthiness since the skill will interact with that server. Otherwise, the skill's instructions and requirements align with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk9741ve6mtjnjbx1fd2bmfw86n838j0k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments