← Back to Skills Marketplace

Colormind

Name: Colormind
Author: boilerrat

by boilerrat · GitHub ↗ · v1.1.1

cross-platform ⚠ suspicious

809

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install colormind

Description

Generate color palettes and get color suggestions via the Colormind.io API (list models, generate palettes with optional locked colors).

README (SKILL.md)

Colormind (Color Palette Generator)

⚠️ Privacy & Security Notice:

This skill sends color data to an external service (colormind.io)
The API uses unencrypted HTTP (HTTPS has a self-signed certificate)
When using image_to_palette.sh, derived color data from your images is sent externally
Do not use with sensitive/private images unless you accept this data sharing
Consider running in a sandbox when processing untrusted images (ImageMagick safety)

Colormind exposes a simple API:

POST http://colormind.io/api/ → generate a palette (optionally with locked colors)
GET http://colormind.io/list/ → list available models

List models

node {baseDir}/scripts/list_models.mjs

Generate a random palette

node {baseDir}/scripts/generate_palette.mjs --model default
node {baseDir}/scripts/generate_palette.mjs --model ui

Generate a palette with locked colors

Provide 5 slots. Use:

an RGB triple: "r,g,b" (locks that slot)
N (free slot)

Examples:

# lock 2 colors, let colormind fill the rest
node {baseDir}/scripts/generate_palette.mjs --model default \
  --input "44,43,44" "90,83,82" N N N

# lock a brand color, keep a free gradient
node {baseDir}/scripts/generate_palette.mjs --model ui \
  --input "0,122,255" N N N N

Output:

always prints JSON
if --pretty is set, also prints a small Markdown block (hex + RGB)

node {baseDir}/scripts/generate_palette.mjs --model default --pretty

Sample an image → get a palette

Requires ImageMagick (convert). This samples a small palette from an image, picks the most frequent color as the "base", then generates a Colormind palette from it.

# returns JSON with sampled colors + a generated Colormind palette
bash {baseDir}/scripts/image_to_palette.sh /path/to/image.jpg --model ui
bash {baseDir}/scripts/image_to_palette.sh /path/to/image.jpg --model default

Notes:

Colormind may slightly adjust locked colors.
Models refresh daily (UTC+8).

Usage Guidance

This skill appears to do exactly what it claims: sample image colors and call colormind.io to generate palettes. Before installing, consider these privacy and safety points: (1) all API calls use plain HTTP (unencrypted) — network observers can see the RGB values you send, so do not use with sensitive or proprietary images/colors; (2) image processing uses ImageMagick ('convert') — use a recent patched ImageMagick and consider running in a sandbox for untrusted images; (3) the skill does not request any credentials, but it does make outbound network requests to colormind.io; if you need encrypted transport or tighter control, host a Colormind-compatible API behind HTTPS or use a local palette-generation library. If you plan to run this in an automated agent, add explicit user consent before processing images and restrict allowed image sources/directories.

Capability Analysis

Type: OpenClaw Skill Name: colormind Version: 1.1.1 This skill is classified as suspicious due to two primary reasons: 1) The `image_to_palette.sh` script uses ImageMagick's `convert` command on user-provided image paths, which, as acknowledged in `SKILL.md` and `SECURITY.md`, presents a potential Remote Code Execution (RCE) vulnerability if processing untrusted or malicious images. While the script attempts to quote the image path, ImageMagick itself has a history of vulnerabilities, and the risk is inherent to its use. 2) All network communication to `colormind.io` (for listing models and generating palettes) occurs over unencrypted HTTP, as explicitly stated in `SKILL.md`, `SECURITY.md`, and confirmed by `scripts/generate_palette.mjs` and `scripts/list_models.mjs`. This exposes transmitted color data to potential eavesdropping. Despite extensive and transparent documentation of these risks, they represent significant security vulnerabilities and risky capabilities, preventing a 'benign' classification, but lacking clear evidence of intentional malicious behavior to warrant a 'malicious' classification.

Capability Assessment

✓ Purpose & Capability

Name/description (generate palettes via Colormind) match the included scripts and runtime instructions. Required binaries (node, python3, ImageMagick 'convert') are legitimately needed by the included files. No unexpected credentials, config paths, or unrelated binaries are requested.

✓ Instruction Scope

SKILL.md and scripts limit actions to: reading a provided image path, running ImageMagick to sample colors, parsing results, and POST/GET to colormind.io. The README explicitly warns that image-derived color data is sent externally and that the API uses HTTP. The scripts use temp files and trap-based cleanup; they do not read other system files or environment secrets.

✓ Install Mechanism

This is instruction-only from the registry perspective (no installer that downloads external archives). All executable code is included in the skill bundle, so nothing is fetched or extracted at install time. Risk from the install mechanism is minimal.

✓ Credentials

The skill requests no environment variables or credentials. The lack of secrets is proportionate to its functionality. The only notable external access is network calls to colormind.io (documented and expected).

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and contains no persistent agents or autorun hooks. It runs only when invoked and does not store credentials or alter system-wide settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install colormind
After installation, invoke the skill by name or use /colormind
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.1

Fixed metadata (added python3 to required binaries) and added prominent privacy warnings about external data sharing and unencrypted HTTP transport. Enhanced SECURITY.md with detailed considerations.

v1.1.0

Refactored for security scanner compliance: replaced inline Python with separate scripts, use temp JSON files instead of heredocs, added SECURITY.md

v1.0.0

Initial release: list models, generate palettes, locked colors; plus optional image sampling via ImageMagick.

Metadata

Slug colormind

Version 1.1.1

License —

All-time Installs 1

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is Colormind?

Generate color palettes and get color suggestions via the Colormind.io API (list models, generate palettes with optional locked colors). It is an AI Agent Skill for Claude Code / OpenClaw, with 809 downloads so far.

How do I install Colormind?

Run "/install colormind" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Colormind free?

Yes, Colormind is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Colormind support?

Colormind is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Colormind?

It is built and maintained by boilerrat (@boilerrat); the current version is v1.1.1.

More Skills