← 返回 Skills 市场
boilerrat

Colormind

作者 boilerrat · GitHub ↗ · v1.1.1
cross-platform ⚠ suspicious
809
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install colormind
功能描述
Generate color palettes and get color suggestions via the Colormind.io API (list models, generate palettes with optional locked colors).
使用说明 (SKILL.md)

Colormind (Color Palette Generator)

⚠️ Privacy & Security Notice:

  • This skill sends color data to an external service (colormind.io)
  • The API uses unencrypted HTTP (HTTPS has a self-signed certificate)
  • When using image_to_palette.sh, derived color data from your images is sent externally
  • Do not use with sensitive/private images unless you accept this data sharing
  • Consider running in a sandbox when processing untrusted images (ImageMagick safety)

Colormind exposes a simple API:

  • POST http://colormind.io/api/ → generate a palette (optionally with locked colors)
  • GET http://colormind.io/list/ → list available models

List models

node {baseDir}/scripts/list_models.mjs

Generate a random palette

node {baseDir}/scripts/generate_palette.mjs --model default
node {baseDir}/scripts/generate_palette.mjs --model ui

Generate a palette with locked colors

Provide 5 slots. Use:

  • an RGB triple: "r,g,b" (locks that slot)
  • N (free slot)

Examples:

# lock 2 colors, let colormind fill the rest
node {baseDir}/scripts/generate_palette.mjs --model default \
  --input "44,43,44" "90,83,82" N N N

# lock a brand color, keep a free gradient
node {baseDir}/scripts/generate_palette.mjs --model ui \
  --input "0,122,255" N N N N

Output:

  • always prints JSON
  • if --pretty is set, also prints a small Markdown block (hex + RGB)
node {baseDir}/scripts/generate_palette.mjs --model default --pretty

Sample an image → get a palette

Requires ImageMagick (convert). This samples a small palette from an image, picks the most frequent color as the "base", then generates a Colormind palette from it.

# returns JSON with sampled colors + a generated Colormind palette
bash {baseDir}/scripts/image_to_palette.sh /path/to/image.jpg --model ui
bash {baseDir}/scripts/image_to_palette.sh /path/to/image.jpg --model default

Notes:

  • Colormind may slightly adjust locked colors.
  • Models refresh daily (UTC+8).
安全使用建议
This skill appears to do exactly what it claims: sample image colors and call colormind.io to generate palettes. Before installing, consider these privacy and safety points: (1) all API calls use plain HTTP (unencrypted) — network observers can see the RGB values you send, so do not use with sensitive or proprietary images/colors; (2) image processing uses ImageMagick ('convert') — use a recent patched ImageMagick and consider running in a sandbox for untrusted images; (3) the skill does not request any credentials, but it does make outbound network requests to colormind.io; if you need encrypted transport or tighter control, host a Colormind-compatible API behind HTTPS or use a local palette-generation library. If you plan to run this in an automated agent, add explicit user consent before processing images and restrict allowed image sources/directories.
功能分析
Type: OpenClaw Skill Name: colormind Version: 1.1.1 This skill is classified as suspicious due to two primary reasons: 1) The `image_to_palette.sh` script uses ImageMagick's `convert` command on user-provided image paths, which, as acknowledged in `SKILL.md` and `SECURITY.md`, presents a potential Remote Code Execution (RCE) vulnerability if processing untrusted or malicious images. While the script attempts to quote the image path, ImageMagick itself has a history of vulnerabilities, and the risk is inherent to its use. 2) All network communication to `colormind.io` (for listing models and generating palettes) occurs over unencrypted HTTP, as explicitly stated in `SKILL.md`, `SECURITY.md`, and confirmed by `scripts/generate_palette.mjs` and `scripts/list_models.mjs`. This exposes transmitted color data to potential eavesdropping. Despite extensive and transparent documentation of these risks, they represent significant security vulnerabilities and risky capabilities, preventing a 'benign' classification, but lacking clear evidence of intentional malicious behavior to warrant a 'malicious' classification.
能力评估
Purpose & Capability
Name/description (generate palettes via Colormind) match the included scripts and runtime instructions. Required binaries (node, python3, ImageMagick 'convert') are legitimately needed by the included files. No unexpected credentials, config paths, or unrelated binaries are requested.
Instruction Scope
SKILL.md and scripts limit actions to: reading a provided image path, running ImageMagick to sample colors, parsing results, and POST/GET to colormind.io. The README explicitly warns that image-derived color data is sent externally and that the API uses HTTP. The scripts use temp files and trap-based cleanup; they do not read other system files or environment secrets.
Install Mechanism
This is instruction-only from the registry perspective (no installer that downloads external archives). All executable code is included in the skill bundle, so nothing is fetched or extracted at install time. Risk from the install mechanism is minimal.
Credentials
The skill requests no environment variables or credentials. The lack of secrets is proportionate to its functionality. The only notable external access is network calls to colormind.io (documented and expected).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains no persistent agents or autorun hooks. It runs only when invoked and does not store credentials or alter system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install colormind
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /colormind 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
Fixed metadata (added python3 to required binaries) and added prominent privacy warnings about external data sharing and unencrypted HTTP transport. Enhanced SECURITY.md with detailed considerations.
v1.1.0
Refactored for security scanner compliance: replaced inline Python with separate scripts, use temp JSON files instead of heredocs, added SECURITY.md
v1.0.0
Initial release: list models, generate palettes, locked colors; plus optional image sampling via ImageMagick.
元数据
Slug colormind
版本 1.1.1
许可证
累计安装 1
当前安装数 0
历史版本数 3
常见问题

Colormind 是什么?

Generate color palettes and get color suggestions via the Colormind.io API (list models, generate palettes with optional locked colors). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 809 次。

如何安装 Colormind?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install colormind」即可一键安装,无需额外配置。

Colormind 是免费的吗?

是的,Colormind 完全免费(开源免费),可自由下载、安装和使用。

Colormind 支持哪些平台?

Colormind 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Colormind?

由 boilerrat(@boilerrat)开发并维护,当前版本 v1.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论