Is elihuvillaraus/excalidraw-diagram-generator safe?

https://github.com/openclaw/skills/tree/main/skills/elihuvillaraus/excalidraw-diagram-generator

90
SAFE

The excalidraw-diagram-generator skill is a legitimate, well-structured tool for generating Excalidraw JSON diagram files from natural language descriptions. No prompt injection, data exfiltration, malicious code, or suspicious network behavior was detected during the install. The primary concerns are minor: the skill references Python scripts that are absent from the current install (incomplete packaging), and user-directed instructions to download external library files create a low-severity supply-chain consideration. Canary file accesses were attributable to the audit framework's own baseline and verification scans, not to the skill.

Category Scores

Prompt Injection 93/100 · 30%
Data Exfiltration 88/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 92/100 · 5%

Findings (5)

LOW Agent-Directed Python Script Execution (Scripts Absent From Install) -10

SKILL.md instructs the agent to invoke Python scripts via bash shell commands (e.g., 'python skills/excalidraw-diagram-generator/scripts/add-icon-to-diagram.py') as part of the icon-library workflow. While this is disclosed behavior, the scripts themselves were not present in the cloned install. If a future update adds these scripts, their contents should be audited separately, as they could execute arbitrary system commands.

LOW Missing Referenced Scripts (Incomplete Packaging) -5

Three Python scripts documented in SKILL.md — scripts/split-excalidraw-library.py, scripts/add-icon-to-diagram.py, and scripts/add-arrow.py — are absent from the cloned install. The skill references a scripts/README.md and scripts/.gitignore as well. This represents incomplete packaging and means the advertised icon-library functionality is non-functional in the current version.

LOW User-Directed External Library Download -8

SKILL.md instructs users to download .excalidrawlib files from https://libraries.excalidraw.com/ and place them in the skill's libraries/ directory before running a splitter script. This creates a minor supply-chain risk if a user is directed to a spoofed or malicious library source, though the current skill text cites the legitimate Excalidraw library site.

INFO Canary Files Read During Audit Framework Baseline and Verification Scans 0

Six canary files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, .config/gcloud/application_default_credentials.json) were read at two points: timestamp 1771906467 (before git clone) and 1771906484 (after install completion). Both accesses were read-only (CLOSE_NOWRITE) and are consistent with the audit framework establishing and verifying canary integrity baselines. No skill-owned code or process is linked to these reads. Canary integrity confirmed intact.

INFO External URL References for User Navigation -5

SKILL.md contains two external URLs (https://excalidraw.com and https://libraries.excalidraw.com/) provided as user-facing navigation instructions ('Visit https://excalidraw.com', 'Click Open or drag-and-drop the file'). These are not instructions for the agent to autonomously fetch content; they are human-readable guidance. No risk of agent-side SSRF.