Seede Design Agent Skills
Security checks across malware telemetry and agentic risk
Overview
This appears to be a purpose-aligned Seede design-generation skill, but it uses an external CLI/service, an API token, and may upload user assets.
Before installing, verify the Seede CLI package source, configure a dedicated expiring SEEDE_API_TOKEN, only use the skill for intended design tasks, and upload only assets you are comfortable sharing with the Seede service.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives software from an external package source local execution capability.
The skill relies on installing a global third-party CLI package; this is expected for the stated purpose but should be verified by the user.
npm install -g seede-cli
Verify the Seede CLI package name, publisher, and version before installing, and prefer trusted or pinned installation sources when available.
The agent can run design-generation commands directly, which may create remote designs or consume service quota if used unintentionally.
The skill is designed for automated CLI execution without interactive prompts; that is purpose-aligned for agents but means actions should be clearly user-directed.
Use `create` to generate designs. **Always use `--no-interactive` for autonomous execution.**
Use the skill for explicit design requests and require user confirmation for unusual, repeated, or account-impacting operations.
Anyone or any agent with the token may be able to use the linked Seede account within the token's permissions.
The skill requires a Seede API token and documents token creation, which is expected for authentication but grants account-level service access.
Recommended for Agents: Use `SEEDE_API_TOKEN` environment variable. Generate one using `seede token create`
Use a dedicated, least-privilege, expiring token for the agent and do not allow token creation or listing unless you intentionally request it.
Logos, product images, or reference files provided to the skill may be uploaded to an external service and may need to be publicly accessible for use in designs.
The skill can upload local user assets to the Seede service and use returned URLs, so user content may leave the local environment.
Upload images to use as references or materials. `seede upload ./path/to/logo.png` ... _Returns an Asset URL_
Only upload assets you are comfortable sending to Seede, avoid sensitive or confidential files, and review Seede's access and retention policies.