📦 AI Mermaid Diagrams — 技能工具

v1.0.0

Generate architecture diagrams (network, system, cloud, microservices) and sequence diagrams (API flows, auth flows, data flows) as PNG files using Mermaid....

0· 249·0 当前·0 累计

by @opietaylor911 (OpieTaylor911)·MIT-0

AI模型访问学习教育

下载技能包

License

MIT-0

最后更新

2026/4/14

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

The skill is coherent for generating Mermaid diagrams but its runtime instructions send the diagram source to a third‑party renderer (mermaid.ink) and use a hardcoded user path — which creates a real risk of accidental data exfiltration and some operational oddities.

评估建议

This skill will produce Mermaid .mmd files locally but then sends the diagram source to mermaid.ink by embedding the base64-encoded .mmd in the URL. Before installing or using it, consider: (1) Do not include any sensitive information (internal hostnames, IP ranges, credentials, tokens, or proprietary architecture text) in diagrams you render with this skill, because that content will be transmitted to a third-party service and may appear in logs or proxies. (2) The use of a GET URL with base64 ...

详细分析 ▾

ℹ 用途与能力

The name/description match the instructions: generate Mermaid .mmd files and render PNGs. The required capabilities are minimal and consistent. Note: SKILL.md hardcodes a user-specific path (/home/bcaddy/.openclaw/workspace/diagrams), which is an operational assumption that may not fit other environments.

⚠ 指令范围

Instructions require encoding the entire .mmd content and invoking https://mermaid.ink/img/<BASE64> via curl. This sends diagram source to an external service (third party). Diagrams often contain sensitive internal details (hostnames, IPs, architecture notes, or credentials if accidentally included), so this is a potential data‑exfiltration/privacy risk. Using a GET path with base64 also exposes content in logs, referrers, and proxies and may hit URL length limits. The skill does not instruct any local/offline rendering alternative.

✓ 安装机制

Instruction-only skill; no install spec or downloaded code. Low installation risk because nothing is written to disk by an installer beyond the .mmd and .png files the agent would create per instructions.

ℹ 凭证需求

No environment variables or credentials are required — appropriate and minimal. Observe however the hardcoded filesystem path using a specific username (bcaddy), which is unexpected and could cause failures or accidental writes in other environments.

✓ 持久化与权限

Does not request persistent privileges, always:false, and doesn't modify other skills or system-wide settings. It will write output files to the workspace directory per its instructions (normal for this functionality).

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/13

Initial release — generate architecture diagrams (network, system, cloud, microservices) and sequence diagrams (API flows, auth flows, CI/CD) as PNG using mermaid.ink renderer. No local browser required.

● 可疑

安装命令

点击复制

官方npx clawhub@latest install ai-mermaid-diagrams

镜像加速npx clawhub@latest install ai-mermaid-diagrams --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库