This week's tip of the week is Excalidraw MCP.
I've been reaching for this a lot lately. When I was building an interactive demo for Pomerium (where I work) and needed a diagram showing the flow.
My diagram for SSH proxying with Pomerium created with the Excalidraw MCP
Here’s the prompt I used to generate the diagram above:
create an excalidraw diagram to explain this
When a user connects, the SSH client speaks directly to Pomerium — not to the target server. Pomerium intercepts the connection, validates the user's identity via OAuth, and if the policy allows it, proxies the session to the upstream SSH server.
SSH client → Pomerium (SSH proxy) → target sshd
↓
authenticate.pomerium.app
(OAuth / IdP)
On first connection, Pomerium issues the user a signed SSH certificate (via a User CA key you control). Subsequent connections within the session timeout use the cached credential — no repeated browser prompts.From there I refined what I wanted in plain English instead of editing the diagram. If you want to tweak things manually afterward, you can edit it right in your chat client or open it in Excalidraw directly.
Open in Excalidraw and Edit buttons in the Excalidraw MCP App in Claude
Excalidraw MCP works across clients many of us already use: ChatGPT, Claude, VS Code, and Goose. There's a hosted endpoint at mcp.excalidraw.com so setup is quick without any local install.
Whether it's a PR walkthrough, a tutorial, or finally getting a system design out of your head and into something shareable, this removes most of the friction.
If you’re an OpenClaw fan, I wrote about a skill for Excalidraw for OpenClaw! 👀🦞
That's it! Short and sweet. Until the next one!
