excalidraw-skill

The Excalidraw Skill appears largely benign and coherent with its stated purpose of programmatic diagram drawing and editing via a local canvas server using MCP or REST. The main security considerations involve potential data exposure when sharing diagrams externally and ensuring the canvas server remains trusted and scoped to localhost or properly secured endpoints. No credential harvesting or unexpected external data flows are evident in the material. Treat as a low-to-moderate risk area primarily around data sharing and server exposure; enforce access controls and user consent for any external sharing features.