← Back to Skills Marketplace

Sloth D2C Skills

Name: Sloth D2C Skills
Author: cherokeeli

by Cherokeeli · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

237

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install sloth-d2c-skills

Description

将Figma设计稿转换为前端组件代码（Design to Code）。通过MCP工具获取设计稿数据，分片处理并生成最终代码。当用户提到Figma转代码、设计稿转代码、D2C、design to code、生成页面时使用。

Usage Guidance

This skill appears to do what it says (convert Figma design data into code) but has worrisome operational details you should review before installing: 1) The package includes a background subagent (enabledAutoRun) with file-reading tools — confirm how/when that agent runs and restrict its file access (prefer limiting to the .sloth path). 2) The subagent's 'do not read other files' rule is an instruction, not an enforced sandbox; verify runtime enforcement or disable the subagent auto-run. 3) The SKILL.md references an MCP Token/403 errors but doesn't declare where to supply credentials — ask the maintainer which token is needed and why. 4) Troubleshooting suggests installing an npm package (sloth-d2c-mcp) of unknown origin — do not run that install without vetting the package source. If you need to use this skill, prefer running it in an isolated sandbox, inspect/disable the background agent, and verify the MCP tool and any npm package provenance first.

Capability Analysis

Type: OpenClaw Skill Name: sloth-d2c-skills Version: 1.0.1 The skill bundle implements a Figma-to-code (D2C) workflow using a dedicated MCP tool (#d2c_figma) and sub-agents for parallel processing. The logic is consistent with the stated purpose, and the sub-agent (sloth-d2c-agent.md) includes explicit security constraints such as being restricted from writing to the filesystem or using other skills. While it suggests installing a global NPM package (sloth-d2c-mcp) as a troubleshooting step, this is a standard practice for CLI-based developer tools and does not show evidence of malicious intent.

Capability Assessment

✓ Purpose & Capability

The skill's name and description (Design-to-Code using an MCP #d2c_figma tool) align with the runtime instructions: call an MCP tool, process chunks, aggregate, and generate code. No unrelated credentials or binaries are requested by the skill itself.

⚠ Instruction Scope

The SKILL.md asks the main agent to call the #d2c_figma MCP Tool and to write final code into the project — reasonable. However, the included sloth-d2c-agent config declares read_file/search tools and enables background, agentic behavior while also stating 'absolute prohibitions' (do not read other files, do not edit project files). Those prohibitions are only instructions, not enforced restrictions. The agent tools as declared could read arbitrary files accessible to the agent if not programmatically constrained. There's also a mismatch: subagents are said to be used for processing but are forbidden from using MCP/Skills, while the main flow requires MCP.

ℹ Install Mechanism

The skill is instruction-only (no install spec) which is low-risk. SKILL.md includes troubleshooting commands that suggest installing an npm package (npm install -g sloth-d2c-mcp) if a CLI is missing — that references an external package of unknown provenance and could be risky if followed without vetting.

ℹ Credentials

The skill declares no required environment variables or credentials, which is coherent. But error handling references '未配置有效 Token' (403) without specifying which token or where it should be provided. Lack of explicit auth declarations makes it unclear what credentials the MCP Tool needs.

⚠ Persistence & Privilege

The bundled sloth-d2c-agent has enabled: true and enabledAutoRun: true and is_background: true. That implies an agent the platform may auto-run in the background with file-reading tools, increasing persistence and potential attack surface even though the skill's top-level flags (always: false) are normal. This persistent/autonomous subagent combined with broad read tools is a notable risk.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install sloth-d2c-skills
After installation, invoke the skill by name or use /sloth-d2c-skills
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

- 新增 sloth-d2c-agent 相关文档文件 sloth-d2c-agent.md。 - 当前功能未变，仅补充了说明文件。

v1.0.0

Initial release of Figma design-to-code skill. - Enables conversion of Figma design files to frontend component code using MCP tool integration. - Supports core workflow: MCP execution, parallel code chunk processing, and final code generation. - Validates required parameters (`fileKey`, `nodeId`) before execution. - Includes detailed error handling and troubleshooting for common issues. - Provides optional parameters for customization (e.g., depth, framework selection).

Metadata

Slug sloth-d2c-skills

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Sloth D2C Skills?

将Figma设计稿转换为前端组件代码（Design to Code）。通过MCP工具获取设计稿数据，分片处理并生成最终代码。当用户提到Figma转代码、设计稿转代码、D2C、design to code、生成页面时使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 237 downloads so far.

How do I install Sloth D2C Skills?

Run "/install sloth-d2c-skills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sloth D2C Skills free?

Yes, Sloth D2C Skills is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Sloth D2C Skills support?

Sloth D2C Skills is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Sloth D2C Skills?

It is built and maintained by Cherokeeli (@cherokeeli); the current version is v1.0.1.

More Skills