← 返回 Skills 市场
122
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install yyl-test-skill
功能描述
Professional Figma design analysis and asset export. Use for extracting design data, exporting assets in multiple formats, auditing accessibility compliance,...
安全使用建议
Before installing or running this skill:
- Expect to provide a Figma access token (FIGMA_ACCESS_TOKEN). The registry metadata wrongly lists no required env vars—confirm the token requirement with the author.
- Use a least-privilege token: create a Figma token with only the scopes needed for read/export and avoid broad team-level credentials if possible. Revoke the token after use if it's temporary.
- Don't store long-lived tokens in shared .env files or source control. If you must, keep the file out of version control and limit filesystem access.
- Review the included scripts locally (they are present and readable). They call only api.figma.com and the Figma CDN (expected). Search for any hardcoded or unexpected network endpoints before running.
- Run first in an isolated environment (temporary VM or container) so exported files are contained and any unexpected behavior is limited.
- Note the package metadata inconsistencies (missing declared env var, differing ownerId in _meta.json versus registry owner) — if you need a higher assurance, ask the publisher for source repository/homepage and an explanation for the metadata mismatch.
If you need, I can extract the exact places in the code that read FIGMA_ACCESS_TOKEN and list all HTTP endpoints the scripts call.
功能分析
Type: OpenClaw Skill
Name: yyl-test-skill
Version: 1.0.0
The Figma Design Analysis & Export skill bundle is a well-structured and functional toolset for interacting with the Figma REST API. The core scripts (figma_client.py, export_manager.py, style_auditor.py, and accessibility_checker.py) implement legitimate features such as asset exporting, WCAG compliance auditing, and design system analysis. The code follows professional practices, including proper error handling and rate limiting, and shows no signs of data exfiltration, malicious execution, or prompt injection. All network activity is directed toward the official Figma API (api.figma.com).
能力评估
Purpose & Capability
Name/description (Figma analysis & export) match the code: the scripts call the Figma REST API, export images, run audits, and write local deliverables. However, the registry metadata declares no required environment variables or primary credential while both SKILL.md and scripts require a FIGMA_ACCESS_TOKEN—this omission is an incoherence that should have been declared by the skill.
Instruction Scope
SKILL.md instructions are generally scoped to Figma operations (get-file, export, audit). They explicitly instruct setting FIGMA_ACCESS_TOKEN and running the included Python scripts. The instructions promise 'read-only' access to Figma; the code performs only read operations against the Figma API and writes exported assets locally. There is no evidence in the provided files of instructions to read unrelated host files or exfiltrate data to third-party endpoints outside the Figma API/CDN.
Install Mechanism
This is an instruction-and-code skill with no install spec; it includes a small requirements.txt (requests, aiohttp, pathlib). No remote download/install URLs or archives are used. The install surface is standard for a local Python tool.
Credentials
The code and SKILL.md require a Figma access token (FIGMA_ACCESS_TOKEN), but the skill metadata claimed no required env vars or primary credential. Requesting a single Figma token is proportionate to the stated purpose, but the missing declaration is a transparency issue. Also note SKILL.md suggests storing token in a .env file (convenient but increases risk if the repository/environment is shared).
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It writes export files to local output directories (expected for an export tool). Autonomous invocation is allowed by default (normal for skills) but does not combine with other high-risk flags here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install yyl-test-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/yyl-test-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of yyl-test-skill.
- Provides information about yiliang.yang, including age, gender, and hobbies.
元数据
常见问题
yyl-test-skill 是什么?
Professional Figma design analysis and asset export. Use for extracting design data, exporting assets in multiple formats, auditing accessibility compliance,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 122 次。
如何安装 yyl-test-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install yyl-test-skill」即可一键安装,无需额外配置。
yyl-test-skill 是免费的吗?
是的,yyl-test-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
yyl-test-skill 支持哪些平台?
yyl-test-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 yyl-test-skill?
由 yylgit(@yylgit)开发并维护,当前版本 v1.0.0。
推荐 Skills