rasimme

Stitch Design

by Simeon · GitHub ↗ · v1.2.3 · MIT-0
cross-platform ✓ Security Clean
348 Downloads · 1 Stars · 0 Active Installs · 11 Versions
Install in OpenClaw
/install stitch-design
Description
Official Google Stitch SDK wrapper for OpenClaw. Requires only STITCH_API_KEY. Generate UI screens from text, apply targeted edits, branch variants, export H...
Usage Guidance
This skill appears to be what it says: a Node CLI wrapper around Google Stitch that needs only STITCH_API_KEY and writes artifacts under its own folders. Before installing:
  1. Confirm the STITCH_API_KEY you supply is limited for Stitch usage (do not reuse high-privilege keys); rotate it if you stop using the skill.
  2. Run the `npm install` step in an environment you control (or inspect the scripts/package.json first) because it will pull @google/stitch-sdk and transitive packages.
  3. If you want higher assurance, review the main CLI (scripts/stitch.mjs) before use. My assessment used the modules shown but that file is large and not fully included above.
  4. Expect the agent to contact stitch.googleapis.com and Google CDN screenshot URLs and to save HTML/PNG and JSON locally under the skill directory.
  5. If you have strict network/data policies, run the skill in an isolated environment or container.
If you want, I can inspect the full scripts/stitch.mjs for any unexpected network endpoints or behaviors to raise confidence to high.
Capability Analysis
Type: OpenClaw Skill
Name: stitch-design
Version: 1.2.3
The stitch-design skill is a legitimate wrapper for the Google Stitch SDK, enabling AI-driven UI generation and iteration. The codebase demonstrates good security practices, including strict regex-based validation for aliases and design system names to prevent path traversal or injection attacks (found in scripts/names.mjs and scripts/design-system.mjs). It manages local artifacts and an append-only event log for design lineage without any evidence of unauthorized data exfiltration, credential theft, or malicious execution. The instructions in SKILL.md are strictly focused on the tool's functional purpose and do not contain harmful prompt injections.
Capability Assessment
Purpose & Capability
Name/description claim an official Google Stitch SDK wrapper and the package requests only a STITCH_API_KEY and Node — which matches the expected needs of a Stitch CLI. The code modules (download, artifacts, events, names, design-system) implement local artifact storage, event logging, aliasing, and restricted local design-system loading; these are coherent with the stated features (generate/edit/variants, export, local artifacts). No unrelated cloud credentials or binaries are required.
Instruction Scope
SKILL.md instructs running the bundled Node CLI (node scripts/stitch.mjs), installing Node dependencies in scripts/, and declares network access only to Google Stitch APIs and Google-hosted screenshot URLs. The code shows local writes are limited to runs/, state/, and latest-screen.json as documented. The design-system loader only reads markdown from the local design-systems/ directory and validates slugs. I saw no instructions to read other system files or to send data to endpoints outside the Stitch/CDN ecosystem.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md requires running `cd scripts && npm install`, which will pull @google/stitch-sdk and transitive npm packages. This is expected for an SDK wrapper but introduces the usual npm-supply-chain risk (moderate). There are no arbitrary URL downloads or obscure extract/install steps in the provided files.
Credentials
Only STITCH_API_KEY is declared as required and is used as the primary credential (SDK uses X-Goog-Api-Key). No other SECRET/TOKEN/PASSWORD env vars are requested. Local state and artifacts are written under the skill's folders. The code does not appear to require unrelated credentials or config paths.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request elevated platform privileges. It persists only its own artifacts (runs/, state/, latest-screen.json) and does not modify other skills or system-wide config. Autonomous model invocation is allowed (default) but is not combined with other concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install stitch-design
  3. After installation, invoke the skill by name or use /stitch-design
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.3
v1.2.2
Clarified runtime scope, setup guidance, and dependency/install expectations.
v1.2.1
Safer design-system registry, updated official-SDK positioning, clearer ClawHub listing.
v1.2.0
Design system injection, device type inheritance, screenshot URL validation, multi-screen consistency workflows, bug fixes for recovery/download/variants
v1.1.3
Docs: clarified changelog entries for module extraction (separation of concerns). No code changes.
v1.1.2
Fix: declare Node.js in required binaries (anyBins), add homepage URL, exclude state/ and tests/ from ClawHub package.
v1.1.1
Fix: removed readFile keyword from download.mjs comment that triggered scanner false positive.
v1.1.0
Screen names (alias registry), append-only event log with history & lineage, hi-res image delivery via Google CDN URL suffixes, delta-based variants recovery, corrupt state detection, show accepts alias or screen ID, 57 automated tests, SKILL.md overhaul, README rewritten.
v1.0.3
fix: info command uses list_screens for screen data — get_project doesn't return screens
v1.0.2
v1.0.2: Extract artifacts module — fixes ClawHub static analysis false positive. File I/O separated from API logic (separation of concerns).
v1.0.1
v1.0.1: validation fixes, ClawHub metadata, version sync
Metadata
Slug: stitch-design
Version: 1.2.3
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 11
Frequently Asked Questions

What is Stitch Design?

Official Google Stitch SDK wrapper for OpenClaw. Requires only STITCH_API_KEY. Generate UI screens from text, apply targeted edits, branch variants, export H... It is an AI Agent Skill for Claude Code / OpenClaw, with 348 downloads so far.

How do I install Stitch Design?

Run "/install stitch-design" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Stitch Design free?

Yes, Stitch Design is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Stitch Design support?

Stitch Design is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Stitch Design?

It is built and maintained by Simeon (@rasimme); the current version is v1.2.3.
