← 返回 Skills 市场
generate mermaid diagrams
作者
Chunhua Liao
· GitHub ↗
· v1.0.0
799
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-mermaid-diagrams
功能描述
Generate consistent, template-based Mermaid diagrams for technical content. Supports 12 diagram types (architecture, flowchart, sequence, concept-map, radial...
安全使用建议
This skill appears to be what it claims (Mermaid diagram generation), but there are a few practical issues to check before installing:
- Template filename mismatch: generate.mjs expects templates named <template>.mmd but the included assets are <template>.mmd.txt. Either rename the asset files to *.mmd or update the script to read .mmd.txt; otherwise generation will fail.
- Dependency installation: The recommended install script performs a global npm install of @mermaid-js/mermaid-cli and requires Node >= 18. Global npm installs can require elevated permissions and modify your global environment — run the script in a controlled environment or adjust to a local install (npm install --prefix . @mermaid-js/mermaid-cli) if you prefer.
- Local file access: The subagent pattern and scripts read project files (chapter markdown) and write .mmd/.svg/.png files to output directories. This is expected, but confirm you are comfortable with the skill reading the directories you point it at.
- Test in isolation: Run the provided test commands (npm run test:semantic and test:render) in a sandbox or throwaway project to confirm behavior. Inspect and/or run scripts with --dry-run or limited inputs first.
If you fix the filename mismatch and are okay with a global or local mermaid-cli install, the skill is coherent and usable. If you cannot verify these changes, treat it as untrusted or run it in an isolated environment.
功能分析
Type: OpenClaw Skill
Name: skill-mermaid-diagrams
Version: 1.0.0
The skill contains a critical shell injection vulnerability (RCE) in `scripts/generate.mjs` and `scripts/validate.mjs`. The `template` name, read directly from the user-controlled `content.json` file, is embedded into `execSync` commands without proper sanitization or quoting. An attacker can craft a `content.json` with a malicious `template` name (e.g., `'; rm -rf /; #'`) to execute arbitrary commands on the host system. This is a severe vulnerability, but there is no evidence of intentional malicious design, classifying it as 'suspicious' rather than 'malicious'.
能力评估
Purpose & Capability
Name/description, templates, and scripts all align with generating Mermaid diagrams and validating them. However, the generator expects template files named *.mmd while the repository's assets are named *.mmd.txt — an internal inconsistency that will likely break generation unless files are renamed or the code adjusted.
Instruction Scope
Runtime instructions explicitly tell a subagent to read user content (chapter files), create content.json, render templates, and validate output. Reading project content is necessary for this purpose. The instructions do not ask for unrelated system files, credentials, or external endpoints.
Install Mechanism
No registry install spec is declared, but an install script (scripts/install-deps.sh) will globally install @mermaid-js/mermaid-cli via npm and requires Node >=18. Global npm installs can require elevated privileges on some systems and modify global state; this is expected for mermaid-cli but is an operational risk to be aware of.
Credentials
The skill requests no environment variables, credentials, or config paths. Scripts run local commands and read/write files under specified directories only, which is proportionate to diagram generation.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or system-wide privileges beyond optionally installing a global npm package. It does not modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-mermaid-diagrams - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-mermaid-diagrams触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of skill-mermaid-diagrams.
- Supports automatic generation of 12 consistently-styled Mermaid diagram types (e.g. architecture, flowchart, sequence, concept map, timeline, gantt, class, state).
- Integrates template selection, LLM-powered content generation, syntax validation, and error handling.
- Provides both subagent (automated) and manual workflows.
- Includes installation and usage instructions, plus a comprehensive template/placeholder reference.
元数据
常见问题
generate mermaid diagrams 是什么?
Generate consistent, template-based Mermaid diagrams for technical content. Supports 12 diagram types (architecture, flowchart, sequence, concept-map, radial... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 799 次。
如何安装 generate mermaid diagrams?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-mermaid-diagrams」即可一键安装,无需额外配置。
generate mermaid diagrams 是免费的吗?
是的,generate mermaid diagrams 完全免费(开源免费),可自由下载、安装和使用。
generate mermaid diagrams 支持哪些平台?
generate mermaid diagrams 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 generate mermaid diagrams?
由 Chunhua Liao(@chunhualiao)开发并维护,当前版本 v1.0.0。
推荐 Skills