Colors CC
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If sensitive project names or private text are placed into placeholder URLs, that information may be sent to the external service and cached.
The skill sends placeholder parameters, including user-chosen text, to a third-party API and documents long-lived public caching for generated SVG responses.
Endpoint: `https://api.colors-cc.top/placeholder` ... `text`: Center text, URL-encoded ... Response: SVG image with `Cache-Control: public, max-age=31536000, immutable`
Use the service for non-sensitive mockup text and design data; avoid placing private or confidential information in URL parameters.
Mockups or assets generated with default settings may contain Colors CC branding or comments that the user did not intend to publish.
Generated assets include third-party branding and an HTML comment by default, though the behavior is disclosed and can be disabled.
`attribution`: Include branding watermark (default: true). Set to `false` or `0` to disable. When enabled, adds a subtle "colors-cc.top" watermark ... and HTML comment for viral sharing.
Set `attribution=false` when generating assets that should not include external branding, and review generated markup before publishing.