← 返回 Skills 市场

Color Palette Generator

Name: Color Palette Generator
Author: qrost

作者 AddinCui · GitHub ↗ · v1.1.1

cross-platform ⚠ suspicious

1213

总下载

当前安装

版本数

在 OpenClaw 中安装

/install color-palette

功能描述

Extract a color palette from an image and return HEX/RGB values with optional swatch image.

使用说明 (SKILL.md)

Color Palette

Extract dominant colors from a photo and get HEX/RGB values for use in design tools or mood boards.

Dependencies

Pillow (image handling; required)
colorgram (optional; better dominant-color extraction; pip install colorgram.py)
matplotlib (optional; only if generating swatch image with --output)

Setup: OpenClaw does not install Python packages automatically. After installing this skill, run once: pip install -r requirements.txt (from the skill folder or pass the path). If a script fails with ModuleNotFoundError, install the missing package.

Usage

Extract palette from an image

Parameters:

image: Path to the image file (JPEG, PNG, etc.).
-n, --num-colors: Number of colors to extract (default 5, max 20).
--output: Optional path to save a swatch PNG.

python3 scripts/extract_palette.py /path/to/photo.jpg
python3 scripts/extract_palette.py /path/to/photo.jpg -n 8 --output palette_swatch.png

Output: one line per color with HEX and RGB (e.g. #2A4B7C RGB(42, 75, 124)). If --output is set, a simple swatch image is saved.

Sending images to Telegram

These skills are used from the OpenClaw Telegram conversation. To show the user a picture, the agent must (1) run the script with an image output path (PNG or JPG), then (2) send that file to the conversation using the OpenClaw message/media tool. For this skill: use --output \x3Cpath>.png so you have an image to send; then send that PNG to the user.

OpenClaw allowed paths: The message tool only sends files from allowed dirs (~/.openclaw/media/, ~/.openclaw/agents/, or system temp e.g. /tmp). Use e.g. --output ~/.openclaw/media/palette.png or --output /tmp/palette.png; do not use the skill install directory or sending will fail.

Agent behavior: When the user asks to extract colors from an image (or sends an image for a palette), run the script directly with exec: save the image to a temp path if needed, run extract_palette.py \x3Cimage_path> -n \x3CN> --output \x3Cpath>.png with \x3Cpath> under an allowed dir, return the HEX/RGB text and send the swatch PNG. Do not ask for confirmation; execute and return the palette and image.

Examples

User: "Extract 5 colors from this image" (with image attached).
Action: Save the image to a temp path, run extract_palette.py \x3Cpath> -n 5 --output /tmp/palette.png, return the HEX/RGB list and send the swatch PNG.

User: "Give me a color palette from [image] and save the swatch as swatch.png."
Action: Run with --output swatch.png, return the palette text and send the image.

安全使用建议

This skill is coherent and appears to do what it says: it runs a small local Python script that reads an image and prints/saves colors. Before installing, ensure you are comfortable running the script and installing Python dependencies (pip install -r requirements.txt) in an environment you control. Be aware the SKILL.md instructs the agent to execute the script without asking for extra confirmation when a user requests a palette or uploads an image — if you prefer explicit consent for each action, disable autonomous invocation for this skill or adapt the instructions. Review the included script (scripts/extract_palette.py) yourself if you need higher assurance; it contains no network calls or hidden behavior. If you don't trust the source (homepage/source unknown), run in an isolated environment or decline installation.

功能分析

Type: OpenClaw Skill Name: color-palette Version: 1.1.1 The skill is classified as suspicious due to its reliance on the `shell:exec` permission and instructions in `SKILL.md` for the agent to directly execute a Python script with user-provided input (image path, output path) without confirmation. While the Python script (`scripts/extract_palette.py`) itself appears benign and the `SKILL.md` attempts to guide the agent towards safe output directories, the combination creates a significant vulnerability for prompt injection or shell injection if the OpenClaw agent fails to properly sanitize user input before constructing the shell command. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence, but the potential for remote code execution via agent mishandling of parameters elevates it beyond benign.

能力评估

✓ Purpose & Capability

Name/description match the included files and behavior. The only resources requested are Python imaging libraries (Pillow, optional colorgram.py, matplotlib) which are appropriate for extracting colors and generating swatches. No unrelated credentials, binaries, or config paths are required.

ℹ Instruction Scope

SKILL.md instructs the agent to save incoming images to a temp/allowed path, run the provided script via exec, and send the generated swatch. This stays within the stated purpose. One notable directive: 'Do not ask for confirmation; execute and return the palette and image.' That is reasonable when the user explicitly requests palette extraction or uploads an image, but the phrasing grants the agent discretion to execute without additional confirmation in other contexts — consider whether you want that behavior enabled for autonomous runs.

✓ Install Mechanism

There is no automatic install spec (instruction-only). Dependencies are listed in requirements.txt and the README asks the operator to pip-install them manually. This is low-risk: nothing is automatically downloaded or executed by the platform during install.

✓ Credentials

The skill requests no environment variables, credentials, or config paths. The runtime only needs file read/write access for the input image and optional swatch output (and the output must be in allowed dirs to be shareable).

✓ Persistence & Privilege

always is false and the skill does not request persistent system-wide privileges or modify other skills. disable-model-invocation is false (normal), which allows autonomous invocation per platform defaults; this is expected for user-invoked utilities but note the earlier 'do not ask for confirmation' guidance could widen automated behavior.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install color-palette
安装完成后，直接呼叫该 Skill 的名称或使用 /color-palette 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.1

Patch: OpenClaw allowed media paths docs.

v1.1.0

Minor version bump.

v1.0.0

Extract HEX/RGB from image; optional swatch PNG for Telegram.

元数据

Slug color-palette

版本 1.1.1

许可证 —

累计安装 5

当前安装数 3

历史版本数 3

常见问题