contract diagram

Name: contract diagram
Author: nonlinear

功能描述

Diagram as contract for agreed-upon AI development

使用说明 (SKILL.md)

Legend	Description
	Not discussed yet
	Agreed by stakeholders
	Needs discussion/failed implementation (always has notes)
	Agreed and implemented
	Implemented but developer made decisions (in notes)
	(dashed border) To be performed outside system

SKILL contract diagram ℹ️

%%{init: {'theme':'base','themeVariables':{"primaryColor":"#4A90E2","primaryTextColor":"#fff","primaryBorderColor":"#2E5C8A","lineColor":"#666","secondaryColor":"#50E3C2","tertiaryColor":"#FFD700","edgeLabelBackground":"#666"},'flowchart':{"nodeSpacing":50,"rankSpacing":50,"padding":15,"curve":"basis"}}}%%
flowchart TD
    TRIGGER["Trigger + contract"]
    CHECK_CONTRACT{"Has contract?"}
    OPEN["Open contract"]
    CLARIFY["Clarify"]
    CHECK_DIAGRAM{"Has diagram?"}
    CREATE["New 1️⃣"]
    CLAIM["Claimed 1️⃣"]
    ERROR["Error 2️⃣"]
    
    DESIGN["Design phase"]
    SIGNOFF["Ready to approve"]
    DEVELOPMENT["Developing..."]
    BLOCKERS{"Has blockers?"}
    TESTS{"Pass checks? 3️⃣"}
    PUBLISH["Publish 3️⃣"]
    
    TRIGGER --> CHECK_CONTRACT
    CHECK_CONTRACT -->|Yes| OPEN
    CHECK_CONTRACT -->|Yes but\x3Cbr/>not editable| ERROR
    CHECK_CONTRACT -->|No| CLARIFY
    CLARIFY --> TRIGGER
    
    OPEN --> CHECK_DIAGRAM
    CHECK_DIAGRAM -->|Yes, more\x3Cbr/>than one| ERROR
    CHECK_DIAGRAM -->|Yes, one| CLAIM
    CHECK_DIAGRAM -->|No| CREATE
    
    CREATE --> DESIGN
    CLAIM --> DESIGN
    DESIGN --> SIGNOFF
    SIGNOFF -->|Approved| DEVELOPMENT
    DEVELOPMENT --> BLOCKERS
    BLOCKERS -->|Yes| DESIGN
    BLOCKERS -->|No| TESTS
    TESTS -->|Yes| PUBLISH
    TESTS -->|No| DESIGN
    
    classDef default fill:#e0e0e0,stroke:#666,color:#000
    classDef approved fill:#FFF9C4,stroke:#F9A825,color:#000
    classDef developed fill:#D5F5D5,stroke:#388E3C,color:#000
    classDef blocker fill:#FFCDD2,stroke:#D32F2F,color:#000
    classDef notes fill:#E3F2FD,stroke:#1976D2,color:#000
    classDef outside fill:#D5F5D5,stroke:#388E3C,stroke-dasharray:5 5,color:#000
    
    class CHECK_DIAGRAM,CREATE,CLAIM,ERROR,SIGNOFF,DESIGN,DEVELOPMENT,BLOCKERS,CHECK_CONTRACT,OPEN,CLARIFY,TRIGGER developed
    class PUBLISH,TESTS outside

1️⃣ Wrapper auto-injects title + phase badge + CSS on first load and watches for change of phase on badge.

2️⃣ More than one diagram confuses system. For now, only one per md in order to run.

3️⃣ Checks and publication depend on what and where final product goes, so it's user discretion.

Numbered Notes (1️⃣ 2️⃣ 3️⃣)

When to use:

Pre-execution (design phase):

Questions that need discussion
Trade-offs that need decisions
Unclear requirements

During execution:

Errors AI can't resolve alone
Permission needed (destructive action, cost implications)
Ambiguity in implementation

Format:

### 1️⃣ [Component Name] - [Issue Title]
**Question/Error:** ...
**Context:** ...
**Options:** A, B, C
**Needed:** Decision / Permission / Help

Notes without numbers = just explanations, turn yellow when approved.

Localhost Trigger

Trigger: "lets diagram [PATH]"

Assumes: File at PATH already has mermaid diagram.

Action:

Start localhost server (port 8080)
Open browser with diagram

Example:

User: "lets diagram epic-notes/webhook-contract.md"

AI executes:
  cd ~/Documents/skills/contract-diagram/engine
  ./serve.sh &
  open "http://localhost:8080/?md=../../epic-notes/webhook-contract.md"

Hot reload enabled by default (2s interval).

安全使用建议

This skill will start a local Node-based HTTP server (serve.sh / server.js) that renders a mermaid/markdown file from a path you supply and also exposes endpoints to check realpaths and to write files. Before running it: 1) Do not run on a sensitive host or with elevated privileges; prefer a disposable VM, container, or sandbox. 2) Verify you have Node.js and that the manifest is updated to declare that dependency (the registry metadata currently does not). 3) Inspect server.js carefully — the read/GET handling does not restrict reads to the engine directory, so a crafted ?md=/../../path request can return arbitrary files from the host. 4) If you need write behavior, consider patching server.js to strictly canonicalize and whitelist allowed paths and to require explicit user confirmation before POST /write performs any change. 5) Treat the base64-block scan finding as suspicious: ask the author for clarification or remove any hidden/encoded payloads. If you cannot audit or harden the server, do not run this skill on machines that contain secrets or sensitive data.

功能分析

Type: OpenClaw Skill Name: contract-diagram Version: 1.0.1 The skill is classified as suspicious due to an Arbitrary File Read (AFR) vulnerability and an Information Disclosure vulnerability in `server.js`. The `SKILL.md` explicitly instructs the AI agent to use path traversal (e.g., `../../epic-notes/webhook-contract.md`) when constructing the URL for the local server. The `server.js`'s GET endpoint for serving files (including those specified by the `md` URL parameter) does not sanitize `filePath` for path traversal, allowing arbitrary files to be read from the local filesystem. Additionally, the `/realpath` endpoint in `server.js` can be used to resolve arbitrary file paths, potentially leaking file existence or system structure, although it only returns the basename. There is no evidence of intentional malicious behavior like data exfiltration or persistence, but these are significant vulnerabilities.

能力评估

ℹ Purpose & Capability

The skill's stated purpose is to render and manage 'contract' diagrams. The code and SKILL.md implement a local web viewer that reads markdown files and supports sign‑off (write). That functionality is coherent with the description. However the package does not declare that it requires Node.js (server.js) nor does the metadata warn that the server will read arbitrary filesystem paths — an omission that is disproportionate to the 'instruction-only' appearance in the registry metadata.

⚠ Instruction Scope

Runtime instructions explicitly tell the agent to start the bundled server and open localhost with an md parameter pointing at arbitrary file paths (examples show '../../../...'). The web UI (index.html + server.js) will fetch and serve arbitrary paths supplied via the URL, and the client will POST to /write to test write permission. The SKILL.md therefore directs the agent to read (and optionally write) local files beyond the skill directory — this expands the scope to full host file access and is a material risk if the user or agent supplies sensitive paths.

⚠ Install Mechanism

There is no install spec, but the bundle contains server.js and a shell launcher (serve.sh) that invoke node. The manifest declares no required binaries or dependencies; in practice Node.js must be present to run the skill. That mismatch (no declared runtime requirement but included Node server) is an incoherence and a usability/security risk.

ℹ Credentials

The skill requests no environment variables or credentials, which is consistent. However it exposes a /realpath endpoint and a file-read capability that can be used to enumerate or read host files. Although no secrets are requested explicitly, the ability to fetch arbitrary files from the host is functionally equivalent to requesting broad filesystem access and should be considered high-scope from a secrets perspective.

⚠ Persistence & Privilege

The skill launches a background HTTP server process (serve.sh -> node server.js) on port 8080. While always:false and autonomous invocation are not set to force inclusion, when invoked this creates a persistent local server that serves files and accepts write requests. That persistence increases blast radius (running process exposing endpoints) and should be considered when granting permission to start the skill.

版本历史

v1.0.1

- Added mermaid.min.js for diagram rendering. - Added marked.min.js for Markdown parsing.

v1.0.0

Initial release of contract-diagram skill. - Introduces a standardized diagram-based process for managing and tracking AI development agreements. - Includes a clear badge legend to indicate contract phases (default, approved, blocker, developed, notes, outside). - Mermaid flowchart outlines the workflow from trigger and contract check to design, signoff, development, and publication. - Defines structured methods for raising and documenting design/execution questions via numbered notes. - Provides a localhost trigger command to serve and preview contract diagrams with live reload.

元数据

Slug contract-diagram

版本 1.0.1

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题