Colorpick
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Some commands may fail or depend on the local Python runtime even though no required binary is declared.
The color helper invokes Python, while the registry declares no required binaries and SKILL.md says no external dependencies are required. This appears purpose-aligned, but the dependency should be explicit.
python3 << 'PYEOF'
Confirm Python 3 is available before using the script, and the publisher should declare python3 as a requirement if it is needed.
Colorpick inputs may remain in local log files under the user's home directory.
The script creates a persistent local data directory and appends command inputs to history logs. This is consistent with a local utility, but it means entered values can be retained and later displayed or exported.
DATA_DIR="${HOME}/.local/share/colorpick"
mkdir -p "$DATA_DIR"
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }Avoid entering sensitive text as colorpick input, and clear or relocate the data directory if you do not want history retained.