ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipeworx colorapi

v1.0.0

Color identification, scheme generation, and format conversion via TheColorAPI — hex, RGB, HSL, and CMYK

0· 56·0 current·0 all-time
byBruce Gutman@brucegutman
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (color identification, scheme generation, conversions) align with the documented curl examples to a JSON-RPC gateway. However the skill references 'TheColorAPI' conceptually but the example and homepage use an external gateway (https://gateway.pipeworx.io) rather than thecolorapi.com. That proxying is plausible but not explained and should be justified.
Instruction Scope
SKILL.md instructs only HTTP calls (curl) and describes three narrowly-scoped tools (identify_color, generate_scheme, convert_color). It does not instruct reading local files or unrelated env vars. One additional instruction block (Setup) suggests running an npx command to register an mcp server — this step would execute downloaded code and is not declared elsewhere in the skill, which widens the runtime actions if followed.
Install Mechanism
There is no formal install spec (lowest-risk form). However the provided 'Setup' example tells users to run 'npx -y mcp-remote@latest ...' which would download and execute a package from npm. The skill metadata does not declare Node/npx as required binaries, nor does it declare this installation. That mismatch is a small but meaningful risk (runtime download/execution of remote code).
Credentials
The skill requests no environment variables or credentials. That is proportionate to a read-only color API integration. There are no unexpected secret requests.
Persistence & Privilege
always is false and there are no instructions to modify other skills or global agent settings. The skill does suggest adding an mcpServers entry in agent config for a remote endpoint, which is normal but should be done consciously by the operator.
What to consider before installing
This skill appears to do what it says (call a color service via HTTP) and requires only curl, but review two points before installing: 1) Gateway vs upstream: the example uses gateway.pipeworx.io instead of thecolorapi.com. Confirm you trust the gateway operator (pipeworx) because your color data will pass through that proxy. 2) Setup hint downloads code: the SKILL.md suggests running 'npx -y mcp-remote@latest ...' which will fetch and run code from npm. If you plan to follow that setup, verify the mcp-remote package and consider pinning a known-good version or self-hosting the gateway. Also ensure your environment has Node/npx, which the skill didn't declare. If the maintainer can (a) explain why the pipeworx gateway is used, (b) document and declare the npx/Node requirement or remove the npx suggestion, and (c) provide a direct API option (or a vetted package/version), the small remaining concerns would be addressed.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎨 Clawdis
Binscurl
latestvk97b1d814v6z8rp9tzvnvt82x184dx3g
56downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Bruce Gutman@brucegutman
latest
Download

The Color API

Turn hex codes into rich color data. Identify a color's name, generate harmonious palettes, and convert between formats (hex, RGB, HSL, CMYK). Useful for design tools, accessibility checks, and brand color analysis.

Tools

  • identify_color — Pass a hex value (e.g., "FF5733") to get the color's name, RGB/HSL/CMYK values, and contrast info
  • generate_scheme — Create a color scheme from a seed color. Modes: monochrome, analogic, complement, triad, quad
  • convert_color — Convert RGB values (0-255 per channel) to hex, HSL, CMYK, and get the nearest named color

When to use

  • A designer asks "what's the name of this hex color?"
  • Generating a 5-color palette from a brand's primary color
  • Converting between color formats for CSS, print, or design specs
  • Checking if a color has good contrast for accessibility

Example: generate a complementary palette from coral

curl -s -X POST https://gateway.pipeworx.io/colorapi/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"generate_scheme","arguments":{"hex":"FF6B6B","mode":"complement","count":5}}}'

Returns 5 colors with hex, RGB, HSL values and their closest named colors.

Setup

{
  "mcpServers": {
    "pipeworx-colorapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://gateway.pipeworx.io/colorapi/mcp"]
    }
  }
}

Comments

Loading comments...