duvancode

Stitch Design Agent

Author: duvanCode · GitHub · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 258
Favorites: 1
Current installs: 0
Versions: 3
Install in OpenClaw
/install stitch-design-agent
Description
Skill for an agent that integrates designs generated by Google Stitch directly into an app under development. Use this skill whenever the agent needs to: aut...
Security usage advice
Before installing, confirm the skill's origin (homepage/owner) and ask the publisher to fix the metadata to list STITCH_TOKEN (and any service-account key) as required. Do not grant a token with the cloud-platform scope unless you understand and accept the broad GCP privileges; prefer a least-privilege scope if Stitch exposes one. Expect the agent to write files into your repo and run build/lint commands — run this in a sandbox or on a branch, review generated code before committing, and ensure CI/linters/tests gate commits. If using a service account, store keys securely and restrict them to only the APIs needed. If the publisher cannot justify the scopes/credentials or provide a trustworthy homepage/source, treat the skill with caution and avoid installing it in production environments.
Functional analysis
Type: OpenClaw Skill
Name: stitch-design-agent
Version: 1.0.2

The skill requests an overly broad Google OAuth scope (cloud-platform) for a UI design task and utilizes high-risk capabilities including arbitrary shell execution (bash), file system modification (file_write), and external network requests. While the workflow in SKILL.md aligns with the stated purpose of integrating AI-generated designs, the combination of broad permissions and the potential for Remote Code Execution via the integration of unvetted code from an external API (stitch.googleapis.com) poses a significant security risk. No clear evidence of intentional malice or data exfiltration was found, but the over-privileged scope and execution capabilities warrant a suspicious classification.
Capability assessment
Purpose & Capability
The SKILL.md clearly requires a STITCH_TOKEN (Google OAuth token / service account key) and describes writing code into the active project; however the registry metadata lists no required env vars, no primary credential, and no config paths. That mismatch (declared zero credentials vs. SKILL.md requiring STITCH_TOKEN and optionally service-account keys) is incoherent and should be corrected before trusting the skill.
Instruction Scope
Instructions direct the agent to read process.env.STITCH_TOKEN, call an external API, create files under src/components/*.tsx, scan the repo (grep), inject imports/JSX, and run build/lint commands (npx tsc, npm run lint). Those actions are consistent with the stated integration purpose but they grant the skill broad ability to modify the user's codebase and run tooling — the SKILL.md also implies handling service-account private material. The instructions access secrets and modify source; that is expected but high-impact and not reflected in metadata.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes disk-side risk since nothing is downloaded or installed by the skill itself.
Credentials
The SKILL.md requires a STITCH_TOKEN and suggests requesting the OAuth scope https://www.googleapis.com/auth/cloud-platform. cloud-platform is very broad (access across GCP) and likely overprivileged for a single Stitch API; service-account flows imply private keys. These sensitive credentials are not declared in the registry metadata. Requesting wide-scope OAuth tokens without justification is disproportionate.
Persistence & Privilege
The skill is not marked always:true and does not claim to modify other skills or system-wide settings. It will write into the active project and run local build tools, which is expected for its purpose but should be an explicit, user-approved capability.
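How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install stitch-design-agent
  3. Once installation completes, invoke the Skill by name or trigger it with /stitch-design-agent
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history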
v1.0.2
Version 1.0.2 of stitch-design-agent is a documentation update with improved clarity, translation, and expanded usage notes:
- SKILL.md rewritten from Spanish to English.
- OAuth scope and API instructions clarified.
- Usage triggers and configuration extended for broader detection.
- Multiple new and more precise agent usage notes added, including guidance for working with design systems and theme variables.
- No functional or file changes—documentation only.
v1.0.1
No functional or content changes in this release.
- Version bump to 1.0.1.
- No file or documentation changes detected.
v1.0.0
stitch-design-agent 1.0.0
- Initial release of the stitch-design-agent skill.
- Includes core documentation and project structure in SKILL.md.
Metadata
Slug stitch-design-agent
Version 1.0.2
License MIT-0
Total installs 0
Current installs 0
Historical versions 3
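FAQ

What is Stitch Design Agent?

Skill for an agent that integrates designs generated by Google Stitch directly into an app under development. Use this skill whenever the agent needs to: aut... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 258 total downloads to date.

How do I install Stitch Design Agent?

Run the command "/install stitch-design-agent" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Stitch Design Agent free?

Yes, Stitch Design Agent is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Stitch Design Agent support?

Stitch Design Agent runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Stitch Design Agent?

It is developed and maintained by duvanCode (@duvancode); the current version is v1.0.2.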
