Is matthewyin/diagram-generator safe?

https://github.com/openclaw/skills/tree/main/skills/matthewyin/diagram-generator

97
SAFE

This is a legitimate diagram generation skill that integrates with an MCP server to create diagrams in multiple formats (draw.io, mermaid, excalidraw). No security concerns were detected: the skill contains only documentation and configuration files with no executable code, performs no suspicious network activity beyond normal git clone operations, and accesses no sensitive files.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 98/100 · 5%

Findings (2)

INFO External MCP server dependency -5

Skill requires external MCP server (mcp-diagram-generator) to be installed and configured separately. This adds complexity but poses no direct security risk as no executable code is included in the skill itself.

INFO Contact information disclosure -2

Skill documentation includes author contact email address. This is standard practice for support but represents minor information disclosure.