← Back to Skills Marketplace

generate mermaid diagrams

Name: generate mermaid diagrams
Author: chunhualiao

by Chunhua Liao · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

799

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skill-mermaid-diagrams

Description

Generate consistent, template-based Mermaid diagrams for technical content. Supports 12 diagram types (architecture, flowchart, sequence, concept-map, radial...

Usage Guidance

This skill appears to be what it claims (Mermaid diagram generation), but there are a few practical issues to check before installing: - Template filename mismatch: generate.mjs expects templates named <template>.mmd but the included assets are <template>.mmd.txt. Either rename the asset files to *.mmd or update the script to read .mmd.txt; otherwise generation will fail. - Dependency installation: The recommended install script performs a global npm install of @mermaid-js/mermaid-cli and requires Node >= 18. Global npm installs can require elevated permissions and modify your global environment — run the script in a controlled environment or adjust to a local install (npm install --prefix . @mermaid-js/mermaid-cli) if you prefer. - Local file access: The subagent pattern and scripts read project files (chapter markdown) and write .mmd/.svg/.png files to output directories. This is expected, but confirm you are comfortable with the skill reading the directories you point it at. - Test in isolation: Run the provided test commands (npm run test:semantic and test:render) in a sandbox or throwaway project to confirm behavior. Inspect and/or run scripts with --dry-run or limited inputs first. If you fix the filename mismatch and are okay with a global or local mermaid-cli install, the skill is coherent and usable. If you cannot verify these changes, treat it as untrusted or run it in an isolated environment.

Capability Analysis

Type: OpenClaw Skill Name: skill-mermaid-diagrams Version: 1.0.0 The skill contains a critical shell injection vulnerability (RCE) in `scripts/generate.mjs` and `scripts/validate.mjs`. The `template` name, read directly from the user-controlled `content.json` file, is embedded into `execSync` commands without proper sanitization or quoting. An attacker can craft a `content.json` with a malicious `template` name (e.g., `'; rm -rf /; #'`) to execute arbitrary commands on the host system. This is a severe vulnerability, but there is no evidence of intentional malicious design, classifying it as 'suspicious' rather than 'malicious'.

Capability Assessment

ℹ Purpose & Capability

Name/description, templates, and scripts all align with generating Mermaid diagrams and validating them. However, the generator expects template files named *.mmd while the repository's assets are named *.mmd.txt — an internal inconsistency that will likely break generation unless files are renamed or the code adjusted.

✓ Instruction Scope

Runtime instructions explicitly tell a subagent to read user content (chapter files), create content.json, render templates, and validate output. Reading project content is necessary for this purpose. The instructions do not ask for unrelated system files, credentials, or external endpoints.

ℹ Install Mechanism

No registry install spec is declared, but an install script (scripts/install-deps.sh) will globally install @mermaid-js/mermaid-cli via npm and requires Node >=18. Global npm installs can require elevated privileges on some systems and modify global state; this is expected for mermaid-cli but is an operational risk to be aware of.

✓ Credentials

The skill requests no environment variables, credentials, or config paths. Scripts run local commands and read/write files under specified directories only, which is proportionate to diagram generation.

✓ Persistence & Privilege

The skill is not always-enabled and does not request persistent or system-wide privileges beyond optionally installing a global npm package. It does not modify other skills or global agent settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skill-mermaid-diagrams
After installation, invoke the skill by name or use /skill-mermaid-diagrams
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of skill-mermaid-diagrams. - Supports automatic generation of 12 consistently-styled Mermaid diagram types (e.g. architecture, flowchart, sequence, concept map, timeline, gantt, class, state). - Integrates template selection, LLM-powered content generation, syntax validation, and error handling. - Provides both subagent (automated) and manual workflows. - Includes installation and usage instructions, plus a comprehensive template/placeholder reference.

Metadata

Slug skill-mermaid-diagrams

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is generate mermaid diagrams?

Generate consistent, template-based Mermaid diagrams for technical content. Supports 12 diagram types (architecture, flowchart, sequence, concept-map, radial... It is an AI Agent Skill for Claude Code / OpenClaw, with 799 downloads so far.

How do I install generate mermaid diagrams?

Run "/install skill-mermaid-diagrams" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is generate mermaid diagrams free?

Yes, generate mermaid diagrams is completely free (open-source). You can download, install and use it at no cost.

Which platforms does generate mermaid diagrams support?

generate mermaid diagrams is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created generate mermaid diagrams?

It is built and maintained by Chunhua Liao (@chunhualiao); the current version is v1.0.0.

More Skills