← Back to Skills Marketplace
102
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install mermaid-image-export
Description
Mermaid diagram image export using mermaid-cli. When Claude needs to export Mermaid diagrams as high-quality images (PNG, SVG, PDF) for documentation, presen...
Usage Guidance
This package appears to implement a legitimate mermaid-cli exporter, but there are inconsistencies you should clear up before installing: 1) The registry metadata omits the real requirements (Node.js, npm, Chrome/Chromium, mermaid-cli). Treat the included install helper scripts as code you will run locally. 2) Inspect scripts/export_mermaid_image.py and scripts/install_mermaid_cli.py for any subprocess calls (they likely call mmdc/npx and spawn Chrome); confirm they only run expected commands and do not call unexpected network endpoints. 3) Avoid running npm global installs or running with --no-sandbox on sensitive hosts; prefer running the skill inside a sandbox/container or CI runner. 4) If you need to trust the source, verify repository links and authorship (package.json repository points to a different project). If you are not comfortable auditing the scripts, run this in an isolated environment (container or VM) or use a known mermaid-cli installation you manage yourself and configure the skill to use that (e.g., specify --mermaid-cmd 'npx mmdc' or path to your mmdc).
Capability Analysis
Type: OpenClaw Skill
Name: mermaid-image-export
Version: 1.0.0
The skill bundle provides legitimate functionality for exporting Mermaid diagrams but contains significant security vulnerabilities. Specifically, `scripts/batch_export.sh` uses `eval` to execute commands constructed with file paths, and `scripts/install_mermaid_cli.py` uses `subprocess.run(shell=True)`, both of which are susceptible to shell injection if the agent processes untrusted filenames. While these are critical vulnerabilities that could lead to arbitrary command execution, there is no evidence of intentional malice, data exfiltration, or hidden payloads.
Capability Assessment
Purpose & Capability
The skill's name and SKILL.md describe a mermaid-cli image exporter and included scripts (export_mermaid_image.py, install_mermaid_cli.py, batch_export.sh) implement that purpose. However the registry metadata lists no required binaries or environment variables while the documentation repeatedly requires Node.js, npm, mermaid-cli (mmdc) and Chrome/Chromium. The omission in declared requirements is an inconsistency worth noting.
Instruction Scope
Runtime instructions are focused on exporting diagrams via mermaid-cli/Puppeteer and reference creating temporary .mmd files, running mmdc (or npx mmdc) and setting env vars like PUPPETEER_EXECUTABLE_PATH, MMDC_TIMEOUT, NODE_OPTIONS, and PUPPETEER_ARGS. The instructions do not direct data to external endpoints or request credentials, but they do instruct installing global npm packages and disabling Puppeteer sandbox in CI/docker guidance (e.g., --no-sandbox), which broadens the runtime capabilities and can reduce containment.
Install Mechanism
There is no formal install spec in the registry; installation is handled by included scripts and by instructing the user to run npm install -g @mermaid-js/mermaid-cli and to install Chrome/Chromium. Using npm/global installs and Puppeteer is common for this functionality (moderate risk) but the lack of an explicit, auditable install manifest in the registry and the reliance on executing install helper scripts increases the risk compared to an instruction-only skill.
Credentials
The skill declares no required environment variables or credentials, yet documentation and code reference several env vars (PUPPETEER_EXECUTABLE_PATH, MMDC_TIMEOUT, NODE_OPTIONS, PUPPETEER_ARGS) and suggest changing PATH and npm global installs. While none are secrets, the skill asks for environment modifications and may run commands that rely on system binaries and global npm packages — the registry should have declared Node/Chrome as required binaries to match the real needs.
Persistence & Privilege
The skill does not request always:true, does not declare persistent credentials, and does not claim to modify other skills or global Claw settings. It operates via scripts invoked at runtime and therefore has normal, limited persistence/privilege for a tooling skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mermaid-image-export - After installation, invoke the skill by name or use
/mermaid-image-export - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of professional Mermaid diagram image export using mermaid-cli.
- Supports high-quality PNG, SVG, and PDF output suitable for docs, presentations, and print materials.
- Includes resolution scaling, background color, custom CSS, theme switching, and batch processing.
- Provides troubleshooting guidance and advanced usage examples.
- Compares features with terminal-only rendering tools for clarity.
Metadata
Frequently Asked Questions
What is Mermaid Image Export?
Mermaid diagram image export using mermaid-cli. When Claude needs to export Mermaid diagrams as high-quality images (PNG, SVG, PDF) for documentation, presen... It is an AI Agent Skill for Claude Code / OpenClaw, with 102 downloads so far.
How do I install Mermaid Image Export?
Run "/install mermaid-image-export" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Mermaid Image Export free?
Yes, Mermaid Image Export is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Mermaid Image Export support?
Mermaid Image Export is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Mermaid Image Export?
It is built and maintained by smallnest (@smallnest); the current version is v1.0.0.
More Skills