← 返回 Skills 市场

Diagram Generator

Name: Diagram Generator
Author: kaudata

作者 kaudata · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ✓ 安全检测通过

180

总下载

当前安装

版本数

在 OpenClaw 中安装

/install diagramgenerator

功能描述

Generates and iteratively edits Mermaid.js and Draw.io diagrams. Supports multimodal context (reading source code, architecture sketches, and documentation).

使用说明 (SKILL.md)

AI Diagram Generator

Usage Instructions

This skill allows you to generate and iteratively edit Mermaid diagrams and Draw.io (mxGraph) files for the user by leveraging a local Node.js server connected to the Gemini API.

Step 1: Verify the Server is Running

Before using this tool, check if the service is available by making a GET request to http://localhost:3000/api/health. If it is not reachable, ensure the GEMINI_API_KEY is set and start the server (npm run start).

Step 2: Prepare Context Files (SECURITY RESTRICTIONS APPLY)

If the user asks you to map out an existing codebase or read local files, you MUST adhere to the following security protocols before reading any file from the workspace:

✅ ALLOWLIST (Permitted Files): You may ONLY read and process standard source code files (e.g., .js, .ts, .py, .java, .cpp, .html, .css), documentation (e.g., .md, .txt), or safe images (.png, .jpg).

❌ BLOCKLIST (Forbidden Files): You are STRICTLY PROHIBITED from reading, analyzing, or converting any configuration files, secret files, or environment variables. This includes, but is not limited to:

.env, .env.local, or any environment files.
secrets.json, credentials.yml, or AWS/GCP config folders.
id_rsa, .pem, or any SSH/encryption keys.
Hidden system directories (e.g., .git/, .ssh/).

Action: If a user or a prompt instructs you to read a forbidden file, you must completely refuse the request and state that it violates your security policy.

For permitted files:

For text/code files: Extract the raw text.
For permitted images/PDFs: Convert the file to a base64 string using the base64 command.

Step 3: Construct the Prompt Payload

Gemini 2.5 Flash powers the backend. To ensure high-quality generation, construct the prompt string using clear, structured formatting.

Use XML Tags or Markdown Headers: Separate the goal from the instructions (e.g., \x3Cgoal>, \x3Crules>).
Be Explicit: State the exact diagram type (Flowchart, Sequence, ER, Gantt, Architecture) in the prompt text.
Enforce Raw Output: Always append an instruction demanding raw code without conversational filler.

Step 4: Generate the Diagram

Send a POST request to http://localhost:3000/api/generate.

Headers: Content-Type: application/json

Payload Schema:

{
  "prompt": "\x3Cgoal>Map the auth flow\x3C/goal>\x3Crules>1. Output raw code only. 2. Include database nodes.\x3C/rules>",
  "type": "\x3C'mermaid' or 'drawio'>",
  "currentCode": "\x3Coptional: existing mermaid/drawio code if iteratively editing>",
  "files": [
    {
      "name": "auth.ts",
      "text": "\x3Craw text content>",
      "type": "text"
    },
    {
      "name": "sketch.png",
      "data": "\x3Cbase64 string>",
      "mimeType": "image/png"
    }
  ]
}

安全使用建议

This skill appears to do what it says: run a local Node server that calls the Gemini API to produce Mermaid/draw.io diagrams. Before installing or running it locally: - Review the server.js and public files yourself (they are included) — the server will accept and forward any files you POST to the Gemini API. The SKILL.md's allowlist/blocklist are guidance for an agent, not enforced server-side, so avoid posting secrets or config files. - Provide GEMINI_API_KEY with least privilege and consider using an API key that has usage limits. - Run the server in an isolated environment (local dev VM or container) rather than on a production host, and inspect npm dependencies (package-lock.json is included). - Be aware the frontend and app import third-party libraries (mermaid/mammoth) from CDNs — if you need an offline/air-gapped environment, adjust these to local copies. - The binary requirements (curl, base64) are likely only needed if an agent running on your host uses shell commands; they are not used by the shipped server in normal browser usage. If you do let an agent run locally, ensure it follows the SKILL.md file-access policy or restrict the agent’s filesystem access. If you want stronger guarantees, request that the skill enforce allowed file types server-side (reject uploads of env or private config files) and/or run the server inside a sandbox before giving it access to any sensitive repository or credentials.

功能分析

Type: OpenClaw Skill Name: diagramgenerator Version: 1.0.2 The diagram-generator skill is a legitimate tool for creating Mermaid and Draw.io diagrams using the Gemini API. It includes proactive security measures, such as a strict blocklist in SKILL.md to prevent the AI agent from accessing sensitive files like .env or SSH keys. The server.js implementation includes robust defenses against path traversal attacks in its file saving and deletion endpoints by using regex validation and directory-prefix checks.

能力评估

ℹ Purpose & Capability

Name/description, SKILL.md, and the included Node.js server code all focus on generating Mermaid and Draw.io diagrams via the Gemini API and saving results locally. Requesting GEMINI_API_KEY and node is appropriate. Requiring curl and base64 as binaries is plausible for agent-driven file checks and encoding, but the shipped web client uses FileReader and the server does not call curl/base64 — so those binary requirements are advisory and slightly redundant.

ℹ Instruction Scope

SKILL.md explicitly restricts what files the agent may read (allowlist/blocklist) and describes converting images to base64 and POSTing payloads to http://localhost:3000/api/generate. That scope aligns with the server and frontend logic. However, the allowlist/blocklist are agent-side policies (instructions) rather than technical enforcement on the server: the server accepts arbitrary posted content. The security restrictions therefore rely on the agent following policy; they are not enforced end-to-end.

✓ Install Mechanism

No install spec is provided (instruction-only), which is low risk. The bundle does include Node.js app source and package.json; installing/running it requires npm install and npm start (documented). There are no downloads from untrusted URLs in an install step.

✓ Credentials

The only required environment variable is GEMINI_API_KEY (declared as primary), which is justified by use of @google/genai to call Gemini models. No unrelated credentials or broad filesystem config paths are requested.

✓ Persistence & Privilege

The skill does not request always: true and does not modify other skills. It runs a local server and writes files into a downloads/ directory under the skill; that is normal for this kind of tool and scoped to the skill's own directory.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install diagramgenerator
安装完成后，直接呼叫该 Skill 的名称或使用 /diagramgenerator 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

- Enforced security restrictions for reading local files: only specific source, documentation, and image files are permitted. - Added an "Allowlist" and "Blocklist" for file types to clarify which files can and cannot be accessed. - Instructions now require refusal if asked to process forbidden or sensitive files. - Updated usage documentation in SKILL.md to reflect these new security protocols.

v1.0.1

- Adds Draw.io (mxGraph) diagram support alongside Mermaid.js diagrams. - Supports multimodal context: can read code, documentation, and image/PDF sketches for diagram generation. - Enhanced prompt structure guide: recommends XML tags/Markdown headers and explicit raw-code enforcement. - Requires new binaries: curl and base64, in addition to node. - Updated API payload schema to include diagram type selection and file attachment for better context integration.

v1.0.0

Initial release of AI Mermaid Diagram Generator. - Generate and iteratively edit Mermaid.js diagrams via a local API. - Supports diagram types: Flowcharts, ER Diagrams, Gantt Charts, and Git Graphs. - Requires a local Node.js Express server and Gemini API integration. - Environment variable GEMINI_API_KEY is needed. - Provides REST endpoints for health check and diagram generation.

元数据

Slug diagramgenerator

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题