← 返回 Skills 市场
rasimme

Stitch Design

作者 Simeon · GitHub ↗ · v1.2.3 · MIT-0
cross-platform ✓ 安全检测通过
348
总下载
1
收藏
0
当前安装
11
版本数
在 OpenClaw 中安装
/install stitch-design
功能描述
Official Google Stitch SDK wrapper for OpenClaw. Requires only STITCH_API_KEY. Generate UI screens from text, apply targeted edits, branch variants, export H...
安全使用建议
This skill appears to be what it says: a Node CLI wrapper around Google Stitch that needs only STITCH_API_KEY and writes artifacts under its own folders. Before installing: 1) Confirm the STITCH_API_KEY you supply is limited for Stitch usage (do not reuse high-privilege keys); rotate it if you stop using the skill. 2) Run the `npm install` step in an environment you control (or inspect the scripts/package.json first) because it will pull @google/stitch-sdk and transitive packages. 3) If you want higher assurance, review the main CLI (scripts/stitch.mjs) before use — my assessment used the modules shown but that file is large and not fully included above. 4) Expect the agent to contact stitch.googleapis.com and Google CDN screenshot URLs and to save HTML/PNG and JSON locally under the skill directory. 5) If you have strict network/data policies, run the skill in an isolated environment or container. If you want, I can inspect the full scripts/stitch.mjs for any unexpected network endpoints or behaviors to raise confidence to high.
功能分析
Type: OpenClaw Skill Name: stitch-design Version: 1.2.3 The stitch-design skill is a legitimate wrapper for the Google Stitch SDK, enabling AI-driven UI generation and iteration. The codebase demonstrates good security practices, including strict regex-based validation for aliases and design system names to prevent path traversal or injection attacks (found in scripts/names.mjs and scripts/design-system.mjs). It manages local artifacts and an append-only event log for design lineage without any evidence of unauthorized data exfiltration, credential theft, or malicious execution. The instructions in SKILL.md are strictly focused on the tool's functional purpose and do not contain harmful prompt injections.
能力评估
Purpose & Capability
Name/description claim an official Google Stitch SDK wrapper and the package requests only a STITCH_API_KEY and Node — which matches the expected needs of a Stitch CLI. The code modules (download, artifacts, events, names, design-system) implement local artifact storage, event logging, aliasing, and restricted local design-system loading; these are coherent with the stated features (generate/edit/variants, export, local artifacts). No unrelated cloud credentials or binaries are required.
Instruction Scope
SKILL.md instructs running the bundled Node CLI (node scripts/stitch.mjs), installing Node dependencies in scripts/, and declares network access only to Google Stitch APIs and Google-hosted screenshot URLs. The code shows local writes are limited to runs/, state/, and latest-screen.json as documented. The design-system loader only reads markdown from the local design-systems/ directory and validates slugs. I saw no instructions to read other system files or to send data to endpoints outside the Stitch/CDN ecosystem.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md requires running `cd scripts && npm install`, which will pull @google/stitch-sdk and transitive npm packages. This is expected for an SDK wrapper but introduces the usual npm-supply-chain risk (moderate). There are no arbitrary URL downloads or obscure extract/install steps in the provided files.
Credentials
Only STITCH_API_KEY is declared as required and is used as the primary credential (SDK uses X-Goog-Api-Key). No other SECRET/TOKEN/PASSWORD env vars are requested. Local state and artifacts are written under the skill's folders. The code does not appear to require unrelated credentials or config paths.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request elevated platform privileges. It persists only its own artifacts (runs/, state/, latest-screen.json) and does not modify other skills or system-wide config. Autonomous model invocation is allowed (default) but is not combined with other concerning privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install stitch-design
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /stitch-design 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.3
Sync with [email protected].
v1.2.2
Clarified runtime scope, setup guidance, and dependency/install expectations.
v1.2.1
Safer design-system registry, updated official-SDK positioning, clearer ClawHub listing.
v1.2.0
Design system injection, device type inheritance, screenshot URL validation, multi-screen consistency workflows, bug fixes for recovery/download/variants
v1.1.3
Docs: clarified changelog entries for module extraction (separation of concerns). No code changes.
v1.1.2
Fix: declare Node.js in required binaries (anyBins), add homepage URL, exclude state/ and tests/ from ClawHub package.
v1.1.1
Fix: removed readFile keyword from download.mjs comment that triggered scanner false positive.
v1.1.0
Screen names (alias registry), append-only event log with history & lineage, hi-res image delivery via Google CDN URL suffixes, delta-based variants recovery, corrupt state detection, show accepts alias or screen ID, 57 automated tests, SKILL.md overhaul, README rewritten.
v1.0.3
fix: info command uses list_screens for screen data — get_project doesn't return screens
v1.0.2
v1.0.2: Extract artifacts module — fixes ClawHub static analysis false positive. File I/O separated from API logic (separation of concerns).
v1.0.1
v1.0.1: validation fixes, ClawHub metadata, version sync
元数据
Slug stitch-design
版本 1.2.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 11
常见问题

Stitch Design 是什么?

Official Google Stitch SDK wrapper for OpenClaw. Requires only STITCH_API_KEY. Generate UI screens from text, apply targeted edits, branch variants, export H... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 348 次。

如何安装 Stitch Design?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install stitch-design」即可一键安装,无需额外配置。

Stitch Design 是免费的吗?

是的,Stitch Design 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Stitch Design 支持哪些平台?

Stitch Design 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Stitch Design?

由 Simeon(@rasimme)开发并维护,当前版本 v1.2.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论