← 返回 Skills 市场
Pencil Design
作者
Gellert Hegyi
· GitHub ↗
· v1.0.0
· MIT-0
90
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pencil-design
功能描述
Create high-quality visual designs — websites, app screens, dashboards, slides, marketing materials, social media graphics — using the Pencil CLI tool. Use t...
安全使用建议
This skill appears to do what it says (drive the Pencil CLI), but the runtime instructions expect you to install an npm package, authenticate with Pencil (or set PENCIL_CLI_KEY), and have/authorize a Claude Code agent — none of which are declared in the registry metadata. Before installing or running any commands: 1) Inspect the npm package (@pencil.dev/cli) on npmjs.com or the package tarball and review its source and SKILL.md to make sure you trust it. 2) Prefer local install and npx usage over global npm install if you are unsure; avoid running npm install -g without review. 3) Do not paste secrets (PENCIL_CLI_KEY, Claude tokens) into prompts or env vars unless you understand where they are stored and who can access them; verify whether the CLI uploads data to a remote service. 4) If you must fetch SKILL.md from unpkg/jsDelivr, review the fetched file before copying into your agent's skills folder. 5) If possible, run first in an isolated environment/container. 6) Ask the publisher to update the skill metadata to list PENCIL_CLI_KEY and any Claude/agent credential requirements explicitly so you know what will be requested ahead of time.
功能分析
Type: OpenClaw Skill
Name: pencil-design
Version: 1.0.0
The skill bundle provides a legitimate interface for the Pencil CLI design tool, allowing an agent to generate UI mockups and graphics. While the SKILL.md includes instructions for the agent to self-update by fetching its own definition from remote CDNs (unpkg.com/jsDelivr) and suggests using curl to install itself into configuration directories, these actions are clearly documented as maintenance procedures to stay in sync with the CLI version. There is no evidence of data exfiltration, malicious execution, or deceptive prompt injection.
能力评估
Purpose & Capability
The skill name and description describe a CLI-driven design generator (Pencil), which aligns with instructions to run the Pencil CLI and generate .pen files. However, the registry metadata declares no required env vars/credentials while the SKILL.md explicitly references authentication (PENCIL_CLI_KEY, Pencil login/signup) and the need for a Claude Code agent — an inconsistency between claimed requirements and actual runtime needs.
Instruction Scope
The SKILL.md instructs the agent to run shell commands (which is expected) and to install the Pencil CLI via npm, run 'pencil status' (which reads local Pencil config), create or log into user accounts, and use a Claude Code agent for model inference. It also recommends fetching SKILL.md from unpkg/jsDelivr and copying files into agent skill directories (e.g., ~/.cursor/skills). These steps access local config and download remote files; the doc uses env vars and authentication actions that were not declared in the skill metadata.
Install Mechanism
There is no formal install spec, but the document tells users to install @pencil.dev/cli from npm (global or local) and to fetch SKILL.md from unpkg/jsdelivr. npm installs from the public registry and fetching from unpkg/jsDelivr are common, but they involve running third-party code and downloading remote content; users should review the package and avoid blind global installs.
Credentials
The skill metadata lists no required env vars, yet the instructions reference PENCIL_CLI_KEY and require a configured Claude Code agent (authentication via env or subscription). Requesting these credentials is plausible for a CLI that uses remote AI, but omitting them from declared requirements is a mismatch and means the agent or user may be asked to provide secrets unexpectedly.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. It instructs copying SKILL.md into user skill directories (user-level files) but does not ask to modify other skills or system-wide agent config. Autonomous invocation is allowed by default (disable-model-invocation is false), which is normal — this combines with other concerns but is not itself a new privilege escalation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pencil-design - 安装完成后,直接呼叫该 Skill 的名称或使用
/pencil-design触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
pencil-design 1.0.0
- Initial release of the Pencil Design skill.
- Enables the creation of high-quality visual designs (websites, apps, dashboards, slides, graphics) via the Pencil CLI from natural language prompts.
- Includes setup, installation, and authentication instructions for the Pencil CLI and Claude Code agent requirements.
- Documents update procedures and guidance for keeping skill and CLI versions in sync.
- Provides clear command usage, prompt handling best practices, user expectations for generation time, and instructions for showing results and iterating on designs.
- Lists common install paths for popular agent environments and tips for troubleshooting skill installation.
元数据
常见问题
Pencil Design 是什么?
Create high-quality visual designs — websites, app screens, dashboards, slides, marketing materials, social media graphics — using the Pencil CLI tool. Use t... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 90 次。
如何安装 Pencil Design?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pencil-design」即可一键安装,无需额外配置。
Pencil Design 是免费的吗?
是的,Pencil Design 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pencil Design 支持哪些平台?
Pencil Design 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pencil Design?
由 Gellert Hegyi(@gerhardberger)开发并维护,当前版本 v1.0.0。
推荐 Skills