← Back to Skills Marketplace

yyl-test-skill

Name: yyl-test-skill
Author: yylgit

by yylgit · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

122

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install yyl-test-skill

Description

Professional Figma design analysis and asset export. Use for extracting design data, exporting assets in multiple formats, auditing accessibility compliance,...

Usage Guidance

Before installing or running this skill: - Expect to provide a Figma access token (FIGMA_ACCESS_TOKEN). The registry metadata wrongly lists no required env vars—confirm the token requirement with the author. - Use a least-privilege token: create a Figma token with only the scopes needed for read/export and avoid broad team-level credentials if possible. Revoke the token after use if it's temporary. - Don't store long-lived tokens in shared .env files or source control. If you must, keep the file out of version control and limit filesystem access. - Review the included scripts locally (they are present and readable). They call only api.figma.com and the Figma CDN (expected). Search for any hardcoded or unexpected network endpoints before running. - Run first in an isolated environment (temporary VM or container) so exported files are contained and any unexpected behavior is limited. - Note the package metadata inconsistencies (missing declared env var, differing ownerId in _meta.json versus registry owner) — if you need a higher assurance, ask the publisher for source repository/homepage and an explanation for the metadata mismatch. If you need, I can extract the exact places in the code that read FIGMA_ACCESS_TOKEN and list all HTTP endpoints the scripts call.

Capability Analysis

Type: OpenClaw Skill Name: yyl-test-skill Version: 1.0.0 The Figma Design Analysis & Export skill bundle is a well-structured and functional toolset for interacting with the Figma REST API. The core scripts (figma_client.py, export_manager.py, style_auditor.py, and accessibility_checker.py) implement legitimate features such as asset exporting, WCAG compliance auditing, and design system analysis. The code follows professional practices, including proper error handling and rate limiting, and shows no signs of data exfiltration, malicious execution, or prompt injection. All network activity is directed toward the official Figma API (api.figma.com).

Capability Assessment

⚠ Purpose & Capability

Name/description (Figma analysis & export) match the code: the scripts call the Figma REST API, export images, run audits, and write local deliverables. However, the registry metadata declares no required environment variables or primary credential while both SKILL.md and scripts require a FIGMA_ACCESS_TOKEN—this omission is an incoherence that should have been declared by the skill.

ℹ Instruction Scope

SKILL.md instructions are generally scoped to Figma operations (get-file, export, audit). They explicitly instruct setting FIGMA_ACCESS_TOKEN and running the included Python scripts. The instructions promise 'read-only' access to Figma; the code performs only read operations against the Figma API and writes exported assets locally. There is no evidence in the provided files of instructions to read unrelated host files or exfiltrate data to third-party endpoints outside the Figma API/CDN.

✓ Install Mechanism

This is an instruction-and-code skill with no install spec; it includes a small requirements.txt (requests, aiohttp, pathlib). No remote download/install URLs or archives are used. The install surface is standard for a local Python tool.

⚠ Credentials

The code and SKILL.md require a Figma access token (FIGMA_ACCESS_TOKEN), but the skill metadata claimed no required env vars or primary credential. Requesting a single Figma token is proportionate to the stated purpose, but the missing declaration is a transparency issue. Also note SKILL.md suggests storing token in a .env file (convenient but increases risk if the repository/environment is shared).

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills or system-wide settings. It writes export files to local output directories (expected for an export tool). Autonomous invocation is allowed by default (normal for skills) but does not combine with other high-risk flags here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install yyl-test-skill
After installation, invoke the skill by name or use /yyl-test-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of yyl-test-skill. - Provides information about yiliang.yang, including age, gender, and hobbies.

Metadata

Slug yyl-test-skill

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is yyl-test-skill?

Professional Figma design analysis and asset export. Use for extracting design data, exporting assets in multiple formats, auditing accessibility compliance,... It is an AI Agent Skill for Claude Code / OpenClaw, with 122 downloads so far.

How do I install yyl-test-skill?

Run "/install yyl-test-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is yyl-test-skill free?

Yes, yyl-test-skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does yyl-test-skill support?

yyl-test-skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created yyl-test-skill?

It is built and maintained by yylgit (@yylgit); the current version is v1.0.0.

More Skills