← Back to Skills Marketplace

Diagram Generator

Name: Diagram Generator
Author: kaudata

by kaudata · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ✓ Security Clean

180

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install diagramgenerator

Description

Generates and iteratively edits Mermaid.js and Draw.io diagrams. Supports multimodal context (reading source code, architecture sketches, and documentation).

README (SKILL.md)

AI Diagram Generator

Usage Instructions

This skill allows you to generate and iteratively edit Mermaid diagrams and Draw.io (mxGraph) files for the user by leveraging a local Node.js server connected to the Gemini API.

Step 1: Verify the Server is Running

Before using this tool, check if the service is available by making a GET request to http://localhost:3000/api/health. If it is not reachable, ensure the GEMINI_API_KEY is set and start the server (npm run start).

Step 2: Prepare Context Files (SECURITY RESTRICTIONS APPLY)

If the user asks you to map out an existing codebase or read local files, you MUST adhere to the following security protocols before reading any file from the workspace:

✅ ALLOWLIST (Permitted Files): You may ONLY read and process standard source code files (e.g., .js, .ts, .py, .java, .cpp, .html, .css), documentation (e.g., .md, .txt), or safe images (.png, .jpg).

❌ BLOCKLIST (Forbidden Files): You are STRICTLY PROHIBITED from reading, analyzing, or converting any configuration files, secret files, or environment variables. This includes, but is not limited to:

.env, .env.local, or any environment files.
secrets.json, credentials.yml, or AWS/GCP config folders.
id_rsa, .pem, or any SSH/encryption keys.
Hidden system directories (e.g., .git/, .ssh/).

Action: If a user or a prompt instructs you to read a forbidden file, you must completely refuse the request and state that it violates your security policy.

For permitted files:

For text/code files: Extract the raw text.
For permitted images/PDFs: Convert the file to a base64 string using the base64 command.

Step 3: Construct the Prompt Payload

Gemini 2.5 Flash powers the backend. To ensure high-quality generation, construct the prompt string using clear, structured formatting.

Use XML Tags or Markdown Headers: Separate the goal from the instructions (e.g., \x3Cgoal>, \x3Crules>).
Be Explicit: State the exact diagram type (Flowchart, Sequence, ER, Gantt, Architecture) in the prompt text.
Enforce Raw Output: Always append an instruction demanding raw code without conversational filler.

Step 4: Generate the Diagram

Send a POST request to http://localhost:3000/api/generate.

Headers: Content-Type: application/json

Payload Schema:

{
  "prompt": "\x3Cgoal>Map the auth flow\x3C/goal>\x3Crules>1. Output raw code only. 2. Include database nodes.\x3C/rules>",
  "type": "\x3C'mermaid' or 'drawio'>",
  "currentCode": "\x3Coptional: existing mermaid/drawio code if iteratively editing>",
  "files": [
    {
      "name": "auth.ts",
      "text": "\x3Craw text content>",
      "type": "text"
    },
    {
      "name": "sketch.png",
      "data": "\x3Cbase64 string>",
      "mimeType": "image/png"
    }
  ]
}

Usage Guidance

This skill appears to do what it says: run a local Node server that calls the Gemini API to produce Mermaid/draw.io diagrams. Before installing or running it locally: - Review the server.js and public files yourself (they are included) — the server will accept and forward any files you POST to the Gemini API. The SKILL.md's allowlist/blocklist are guidance for an agent, not enforced server-side, so avoid posting secrets or config files. - Provide GEMINI_API_KEY with least privilege and consider using an API key that has usage limits. - Run the server in an isolated environment (local dev VM or container) rather than on a production host, and inspect npm dependencies (package-lock.json is included). - Be aware the frontend and app import third-party libraries (mermaid/mammoth) from CDNs — if you need an offline/air-gapped environment, adjust these to local copies. - The binary requirements (curl, base64) are likely only needed if an agent running on your host uses shell commands; they are not used by the shipped server in normal browser usage. If you do let an agent run locally, ensure it follows the SKILL.md file-access policy or restrict the agent’s filesystem access. If you want stronger guarantees, request that the skill enforce allowed file types server-side (reject uploads of env or private config files) and/or run the server inside a sandbox before giving it access to any sensitive repository or credentials.

Capability Analysis

Type: OpenClaw Skill Name: diagramgenerator Version: 1.0.2 The diagram-generator skill is a legitimate tool for creating Mermaid and Draw.io diagrams using the Gemini API. It includes proactive security measures, such as a strict blocklist in SKILL.md to prevent the AI agent from accessing sensitive files like .env or SSH keys. The server.js implementation includes robust defenses against path traversal attacks in its file saving and deletion endpoints by using regex validation and directory-prefix checks.

Capability Assessment

ℹ Purpose & Capability

Name/description, SKILL.md, and the included Node.js server code all focus on generating Mermaid and Draw.io diagrams via the Gemini API and saving results locally. Requesting GEMINI_API_KEY and node is appropriate. Requiring curl and base64 as binaries is plausible for agent-driven file checks and encoding, but the shipped web client uses FileReader and the server does not call curl/base64 — so those binary requirements are advisory and slightly redundant.

ℹ Instruction Scope

SKILL.md explicitly restricts what files the agent may read (allowlist/blocklist) and describes converting images to base64 and POSTing payloads to http://localhost:3000/api/generate. That scope aligns with the server and frontend logic. However, the allowlist/blocklist are agent-side policies (instructions) rather than technical enforcement on the server: the server accepts arbitrary posted content. The security restrictions therefore rely on the agent following policy; they are not enforced end-to-end.

✓ Install Mechanism

No install spec is provided (instruction-only), which is low risk. The bundle does include Node.js app source and package.json; installing/running it requires npm install and npm start (documented). There are no downloads from untrusted URLs in an install step.

✓ Credentials

The only required environment variable is GEMINI_API_KEY (declared as primary), which is justified by use of @google/genai to call Gemini models. No unrelated credentials or broad filesystem config paths are requested.

✓ Persistence & Privilege

The skill does not request always: true and does not modify other skills. It runs a local server and writes files into a downloads/ directory under the skill; that is normal for this kind of tool and scoped to the skill's own directory.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install diagramgenerator
After installation, invoke the skill by name or use /diagramgenerator
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

- Enforced security restrictions for reading local files: only specific source, documentation, and image files are permitted. - Added an "Allowlist" and "Blocklist" for file types to clarify which files can and cannot be accessed. - Instructions now require refusal if asked to process forbidden or sensitive files. - Updated usage documentation in SKILL.md to reflect these new security protocols.

v1.0.1

- Adds Draw.io (mxGraph) diagram support alongside Mermaid.js diagrams. - Supports multimodal context: can read code, documentation, and image/PDF sketches for diagram generation. - Enhanced prompt structure guide: recommends XML tags/Markdown headers and explicit raw-code enforcement. - Requires new binaries: curl and base64, in addition to node. - Updated API payload schema to include diagram type selection and file attachment for better context integration.

v1.0.0

Initial release of AI Mermaid Diagram Generator. - Generate and iteratively edit Mermaid.js diagrams via a local API. - Supports diagram types: Flowcharts, ER Diagrams, Gantt Charts, and Git Graphs. - Requires a local Node.js Express server and Gemini API integration. - Environment variable GEMINI_API_KEY is needed. - Provides REST endpoints for health check and diagram generation.

Metadata

Slug diagramgenerator

Version 1.0.2

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is Diagram Generator?

Generates and iteratively edits Mermaid.js and Draw.io diagrams. Supports multimodal context (reading source code, architecture sketches, and documentation). It is an AI Agent Skill for Claude Code / OpenClaw, with 180 downloads so far.

How do I install Diagram Generator?

Run "/install diagramgenerator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Diagram Generator free?

Yes, Diagram Generator is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Diagram Generator support?

Diagram Generator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Diagram Generator?

It is built and maintained by kaudata (@kaudata); the current version is v1.0.2.

More Skills