Colorpick

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: colorpick
Version: 2.0.0

The ColorPick skill bundle is a legitimate utility for color conversion, palette generation, and WCAG contrast checking. It uses Bash scripts (scripts/color.sh and scripts/script.sh) to wrap Python-based color logic and manage a local history of operations in ~/.local/share/colorpick/. The code contains no network calls, data exfiltration logic, or obfuscation, and the instructions in SKILL.md are strictly aligned with the tool's stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Some commands may fail or depend on the local Python runtime even though no required binary is declared.

Why it was flagged

The color helper invokes Python, while the registry declares no required binaries and SKILL.md says no external dependencies are required. This appears purpose-aligned, but the dependency should be explicit.

Skill content

python3 << 'PYEOF'

Recommendation

Confirm Python 3 is available before using the script. The publisher should declare python3 as a requirement if it is needed.

What this means

Colorpick inputs may remain in local log files under the user's home directory.

Why it was flagged

The script creates a persistent local data directory and appends command inputs to history logs. This is consistent with a local utility, but it means entered values can be retained and later displayed or exported.

Skill content

DATA_DIR="${HOME}/.local/share/colorpick"
mkdir -p "$DATA_DIR"
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }

Recommendation

Avoid entering sensitive text as colorpick input, and clear or relocate the data directory if you do not want history retained.