← Back to Skills Marketplace
sullivangu

Zeplin to Prompt

by sullivangu89 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
245
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install zeplin-to-prompt
Description
Export one or more Zeplin screen URLs into a structured layer tree with local assets and package the result as a zip file. Use when a user shares an app.zepl...
Usage Guidance
This skill mostly does what it claims, but be cautious about how you supply and store Zeplin personal access tokens: the skill's workflow looks up and saves tokens in ~/.zeplin-skill-config.json and the helper node one-liners print tokens to stdout (which your agent may capture). That can expose tokens in chat logs or command output. Before installing or running: 1) Prefer providing tokens via your platform's secure secret storage (not by pasting into chat). 2) If you must paste a token, do not include it in messages that will be displayed or logged; consider setting ZEPLIN_TOKEN only in the runtime environment. 3) Review the node one-liners in SKILL.md — they read/write ~/.zeplin-skill-config.json; if you don't want tokens stored on disk, do not confirm saving them. 4) Run 'npm install' in the skill directory (README instructs this) before using the scripts. 5) Consider auditing or running the scripts in an isolated environment because they write files to your home and create build artifacts. If you are uncomfortable with tokens being stored in a plain file or printed to stdout, do not install/use this skill until its token handling is changed to use secure storage or avoids printing tokens.
Capability Analysis
Type: OpenClaw Skill Name: zeplin-to-prompt Version: 1.0.1 The skill is designed to export Zeplin design screens into a structured JSON/HTML format for use in AI prompts. It manages Zeplin Personal Access Tokens by storing them in a local configuration file (`~/.zeplin-skill-config.json`) with appropriate file permissions (0o600). The implementation uses Node.js and Bash to process design data, download assets from official Zeplin APIs, and package the results into a ZIP file. While it utilizes shell commands for file operations and opening the final report, it employs a robust filename sanitization utility in `lib/fsHelpers.mjs` to mitigate command injection risks. No evidence of data exfiltration, unauthorized remote access, or malicious intent was found.
Capability Assessment
Purpose & Capability
The code and instructions are consistent with the stated purpose: they call the Zeplin API (via @zeplin/sdk), download assets, build a layer tree and HTML preview, and produce zip packages. Requiring project-level Zeplin tokens and writing export artifacts to a build directory is proportionate to exporting Zeplin screens.
Instruction Scope
The SKILL.md instructs the agent to read and write a user file at ~/.zeplin-skill-config.json to look up and store project tokens. The provided inline node one-liners read that file and (on success) print a token to stdout; the skill then uses that token to run export_screen.mjs. Printing tokens to stdout combined with the agent capturing command output creates an exposure risk. The SKILL.md also asks the user to paste personal access tokens into the conversation if a token is missing, which is risky if the chat transcript or command output is stored or visible. The instructions also reference running node scripts that depend on npm packages; the main SKILL.md doesn't explicitly require 'npm install' (only README does), which is a runtime mismatch that could cause failures if dependencies are not present.
Install Mechanism
There is no formal install spec (instruction-only at registry level), but the package includes package.json/package-lock.json and depends on @zeplin/sdk and dotenv. The README recommends running 'npm install' before first use. Because no automated install step is declared, the agent/runtime may attempt to run Node scripts without dependencies, leading to failures. The code and deps are sourced from npm (no suspicious external download URLs).
Credentials
The skill requires Zeplin personal access tokens per project and uses ZEPLIN_TOKEN/zeplin_token environment variables at runtime — appropriate for accessing Zeplin. However, the token storage approach (storing projectId->token in a plaintext JSON file in the user's home) and the inline node code that prints tokens to stdout are not using platform secret storage and could leak secrets. No unrelated credentials or external service tokens are requested.
Persistence & Privilege
The skill writes files into its own build/** directories and creates ~/.zeplin-skill-config.json in the user's home to persist tokens. It does not request 'always: true' and does not modify other skills. Writing to the user's home is within scope for storing tokens but is a privileged action that users should be aware of.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install zeplin-to-prompt
  3. After installation, invoke the skill by name or use /zeplin-to-prompt
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Improves handling of Zeplin screen links: extracts valid screen URLs and prompts users for correct links if needed. - Adds per-project token management, including automated token lookup, masked prompts for missing tokens, and secure storage. - Supports exporting multiple Zeplin screens in one command and packages local assets and metadata into a zip file. - Replies with clear export status and usage instructions, including a summary of successes and failures. - Includes real-time progress updates when exporting multiple screens.
Metadata
Slug zeplin-to-prompt
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Zeplin to Prompt?

Export one or more Zeplin screen URLs into a structured layer tree with local assets and package the result as a zip file. Use when a user shares an app.zepl... It is an AI Agent Skill for Claude Code / OpenClaw, with 245 downloads so far.

How do I install Zeplin to Prompt?

Run "/install zeplin-to-prompt" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Zeplin to Prompt free?

Yes, Zeplin to Prompt is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Zeplin to Prompt support?

Zeplin to Prompt is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Zeplin to Prompt?

It is built and maintained by sullivangu89 (@sullivangu); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments