Colorpick
PassAudited by ClawScan on May 1, 2026.
Overview
Colorpick appears to be a local color utility, with noteworthy but proportionate local history storage and an undeclared Python runtime dependency.
This skill looks safe for local color conversion and palette work. Before installing, be aware that it may save your colorpick inputs in ~/.local/share/colorpick and that Python 3 may be needed even though the metadata does not declare it.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Some commands may fail or depend on the local Python runtime even though no required binary is declared.
The color helper invokes Python, while the registry declares no required binaries and SKILL.md says no external dependencies are required. This appears purpose-aligned, but the dependency should be explicit.
python3 << 'PYEOF'
Confirm Python 3 is available before using the script, and the publisher should declare python3 as a requirement if it is needed.
Colorpick inputs may remain in local log files under the user's home directory.
The script creates a persistent local data directory and appends command inputs to history logs. This is consistent with a local utility, but it means entered values can be retained and later displayed or exported.
DATA_DIR="${HOME}/.local/share/colorpick"
mkdir -p "$DATA_DIR"
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }Avoid entering sensitive text as colorpick input, and clear or relocate the data directory if you do not want history retained.