Trust Assessment
diagram-generator received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Missing required field: name, Node lockfile missing, Unsafe `npx` usage with auto-confirmation for external dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe `npx` usage with auto-confirmation for external dependency The skill recommends configuring `mcpServers` to use `npx -y mcp-diagram-generator`. The `npx` command executes a package from the npm registry. The `-y` flag automatically confirms the installation and execution, bypassing user confirmation. This introduces a significant supply chain risk: if the `mcp-diagram-generator` package (or a typosquat) is compromised, it could lead to arbitrary code execution on the host system without explicit user consent at the time of execution. This also represents a command injection vector if the package itself is malicious or contains vulnerabilities. Avoid using `npx` with `-y` for external packages in automated configurations. If `npx` must be used, remove the `-y` flag to require explicit user confirmation. Prefer explicit installation steps (e.g., `npm install -g mcp-diagram-generator`) followed by running the installed executable, or provide a specific version for `npx` (e.g., `npx mcp-diagram-generator@1.2.3`). Consider sandboxing or containerizing the `mcp-diagram-generator` process if it handles untrusted input. | LLM | SKILL.md:40 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/matthewyin/diagram-generator/SKILL.md:1 | |
| MEDIUM | Recommendation to execute local Node.js script via absolute path The skill provides an option to configure `mcpServers` to run a local Node.js script using an absolute path: `"command": "node", "args": ["/absolute/path/to/mcp-diagram-generator/dist/index.js"]`. While this assumes the user has already installed the dependency, it still instructs the host LLM to execute an arbitrary local script. If the user is tricked into installing a malicious `mcp-diagram-generator` or if the path is manipulated, this could lead to command injection. The risk is slightly lower than `npx -y` because it requires prior manual installation by the user, but it still represents a direct command execution instruction. Advise users to verify the integrity and source of any local scripts they are instructed to run. If possible, recommend a more controlled execution environment or a package manager that verifies integrity. Ensure that the `mcp-diagram-generator` itself is robust against command injection if it processes untrusted input. | LLM | SKILL.md:58 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/matthewyin/diagram-generator/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/66d914b44592be46)
Powered by SkillShield