Colors CC
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only color and placeholder skill is coherent and low-risk, but it relies on a third-party image/color API and may add disclosed default branding to generated assets.
This appears safe for normal UI mockups and color tasks. Before installing, be comfortable with using api.colors-cc.top, avoid putting sensitive text into generated image URLs, and disable attribution if you do not want the service's branding in output.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If sensitive project names or private text are placed into placeholder URLs, that information may be sent to the external service and cached.
The skill sends placeholder parameters, including user-chosen text, to a third-party API and documents long-lived public caching for generated SVG responses.
Endpoint: `https://api.colors-cc.top/placeholder` ... `text`: Center text, URL-encoded ... Response: SVG image with `Cache-Control: public, max-age=31536000, immutable`
Use the service for non-sensitive mockup text and design data; avoid placing private or confidential information in URL parameters.
Mockups or assets generated with default settings may contain Colors CC branding or comments that the user did not intend to publish.
Generated assets include third-party branding and an HTML comment by default, though the behavior is disclosed and can be disabled.
`attribution`: Include branding watermark (default: true). Set to `false` or `0` to disable. When enabled, adds a subtle "colors-cc.top" watermark ... and HTML comment for viral sharing.
Set `attribution=false` when generating assets that should not include external branding, and review generated markup before publishing.
