← 返回 Skills 市场
102
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install mermaid-image-export
功能描述
Mermaid diagram image export using mermaid-cli. When Claude needs to export Mermaid diagrams as high-quality images (PNG, SVG, PDF) for documentation, presen...
安全使用建议
This package appears to implement a legitimate mermaid-cli exporter, but there are inconsistencies you should clear up before installing: 1) The registry metadata omits the real requirements (Node.js, npm, Chrome/Chromium, mermaid-cli). Treat the included install helper scripts as code you will run locally. 2) Inspect scripts/export_mermaid_image.py and scripts/install_mermaid_cli.py for any subprocess calls (they likely call mmdc/npx and spawn Chrome); confirm they only run expected commands and do not call unexpected network endpoints. 3) Avoid running npm global installs or running with --no-sandbox on sensitive hosts; prefer running the skill inside a sandbox/container or CI runner. 4) If you need to trust the source, verify repository links and authorship (package.json repository points to a different project). If you are not comfortable auditing the scripts, run this in an isolated environment (container or VM) or use a known mermaid-cli installation you manage yourself and configure the skill to use that (e.g., specify --mermaid-cmd 'npx mmdc' or path to your mmdc).
功能分析
Type: OpenClaw Skill
Name: mermaid-image-export
Version: 1.0.0
The skill bundle provides legitimate functionality for exporting Mermaid diagrams but contains significant security vulnerabilities. Specifically, `scripts/batch_export.sh` uses `eval` to execute commands constructed with file paths, and `scripts/install_mermaid_cli.py` uses `subprocess.run(shell=True)`, both of which are susceptible to shell injection if the agent processes untrusted filenames. While these are critical vulnerabilities that could lead to arbitrary command execution, there is no evidence of intentional malice, data exfiltration, or hidden payloads.
能力评估
Purpose & Capability
The skill's name and SKILL.md describe a mermaid-cli image exporter and included scripts (export_mermaid_image.py, install_mermaid_cli.py, batch_export.sh) implement that purpose. However the registry metadata lists no required binaries or environment variables while the documentation repeatedly requires Node.js, npm, mermaid-cli (mmdc) and Chrome/Chromium. The omission in declared requirements is an inconsistency worth noting.
Instruction Scope
Runtime instructions are focused on exporting diagrams via mermaid-cli/Puppeteer and reference creating temporary .mmd files, running mmdc (or npx mmdc) and setting env vars like PUPPETEER_EXECUTABLE_PATH, MMDC_TIMEOUT, NODE_OPTIONS, and PUPPETEER_ARGS. The instructions do not direct data to external endpoints or request credentials, but they do instruct installing global npm packages and disabling Puppeteer sandbox in CI/docker guidance (e.g., --no-sandbox), which broadens the runtime capabilities and can reduce containment.
Install Mechanism
There is no formal install spec in the registry; installation is handled by included scripts and by instructing the user to run npm install -g @mermaid-js/mermaid-cli and to install Chrome/Chromium. Using npm/global installs and Puppeteer is common for this functionality (moderate risk) but the lack of an explicit, auditable install manifest in the registry and the reliance on executing install helper scripts increases the risk compared to an instruction-only skill.
Credentials
The skill declares no required environment variables or credentials, yet documentation and code reference several env vars (PUPPETEER_EXECUTABLE_PATH, MMDC_TIMEOUT, NODE_OPTIONS, PUPPETEER_ARGS) and suggest changing PATH and npm global installs. While none are secrets, the skill asks for environment modifications and may run commands that rely on system binaries and global npm packages — the registry should have declared Node/Chrome as required binaries to match the real needs.
Persistence & Privilege
The skill does not request always:true, does not declare persistent credentials, and does not claim to modify other skills or global Claw settings. It operates via scripts invoked at runtime and therefore has normal, limited persistence/privilege for a tooling skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mermaid-image-export - 安装完成后,直接呼叫该 Skill 的名称或使用
/mermaid-image-export触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of professional Mermaid diagram image export using mermaid-cli.
- Supports high-quality PNG, SVG, and PDF output suitable for docs, presentations, and print materials.
- Includes resolution scaling, background color, custom CSS, theme switching, and batch processing.
- Provides troubleshooting guidance and advanced usage examples.
- Compares features with terminal-only rendering tools for clarity.
元数据
常见问题
Mermaid Image Export 是什么?
Mermaid diagram image export using mermaid-cli. When Claude needs to export Mermaid diagrams as high-quality images (PNG, SVG, PDF) for documentation, presen... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 102 次。
如何安装 Mermaid Image Export?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mermaid-image-export」即可一键安装,无需额外配置。
Mermaid Image Export 是免费的吗?
是的,Mermaid Image Export 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Mermaid Image Export 支持哪些平台?
Mermaid Image Export 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Mermaid Image Export?
由 smallnest(@smallnest)开发并维护,当前版本 v1.0.0。
推荐 Skills