ClawHub

Gigma AI Design Canvas

v1.0.0

AI-powered design tool — say goodbye to Figma MCP's read-only screenshots. Gigma gives you a real editable canvas with full MCP control. Create, edit, and ex...

0· 91·0 current·0 all-time
by@snoopyrain
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (AI design canvas, create/edit/export designs) match the declared runtime instructions (project/canvas/element tools, screenshot preview, export). There are no unrelated env vars or binaries requested.
Instruction Scope
SKILL.md confines runtime actions to design operations (create_project, add_element, get_screenshot, export_canvas). It instructs the user to sign up and paste an 'MCP link' into their MCP settings — that is the mechanism by which the agent will interact with the external Gigma service. The file mentions export to Google Cloud Storage (signed 7-day URLs) but does not show any local file or unrelated system access. Because the skill delegates access via the pasted MCP link, you should confirm what that link exposes (tokens, account access, project scope).
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk and no external packages are fetched by the skill itself.
Credentials
The skill requests no environment variables or credentials in its metadata. The only external dependency is the user-supplied MCP link and the Gigma web signup; those are reasonable for a hosted design service. There are no unrelated credential requests in the manifest.
Persistence & Privilege
always:false and default invocation settings are used. The skill does not request persistent system-side privileges or modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with any broad credential requests in this manifest.
Assessment
This skill appears to do what it claims (create/edit/export canvas elements) and is instruction-only, but it relies on the external Gigma service and an MCP link you must paste. Before installing or pasting any MCP link: 1) Inspect the MCP link contents or the service's docs to see what permissions/tokens it provides — avoid pasting links that include OAuth tokens or service-account credentials for other services. 2) Sign up with a non-sensitive account first and test with throwaway designs to observe what is shared/uploaded. 3) Review the export behavior: exported PNGs go to Google Cloud Storage and return signed URLs — confirm whether uploads are to Gigma-controlled storage or your own GCS project, and whether any credentials are required. 4) Verify the service domain (gigma-doc.10xboost.org) and privacy policy before sending private images or proprietary designs. If you need stricter guarantees about data residency or access, request more detail from the developer or avoid using the hosted service.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d68frb8tjxc9s3ht6m2t3en83qgx9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis

Comments