Habilidades ckm:design-system
📦
ckm:design-system
Baixo Risco ⚙️
Comandos externos📁
Acesso ao sistema de arquivos🌐
Acesso à rede🔑
Variáveis de ambiente⚡
Contém scripts
Gerar design tokens, validar uso e criar slides com a marca
Os sistemas de design frequentemente se quebram quando os tokens não são aplicados de forma consistente nas camadas primitiva, semântica e de componentes. Esta skill gera variáveis CSS a partir de definições de tokens em JSON, valida o uso de tokens no código e cria apresentações de slides compatíveis com a marca, com integração ao Chart.js.
Suporta: Claude Codex Code(CC)
1
Baixar o ZIP da skill
2
Upload no Claude
Vá em Configurações → Capacidades → Skills → Upload skill
3
Ative e comece a usar
Testar
A utilizar "ckm:design-system". Generate CSS design tokens from my tokens.json and create a Tailwind config for my Next.js project.
Resultado esperado:
- Saída CSS com estrutura de tokens em três camadas organizada como blocos :root com tokens primitivos, semânticos e de componente
- Arquivo de configuração Tailwind com mapeamento de cores referenciando variáveis CSS para uso em tailwind.config.js
A utilizar "ckm:design-system". Create a 5-slide pitch deck for a fintech startup. Include a revenue chart.
Resultado esperado:
- Arquivo HTML com deck de slides personalizado incluindo título, problema, solução com cards, gráfico de barras de crescimento de receita e slides de CTA
- Referências CSS a design tokens para todas as cores, fontes e espaçamentos para garantir conformidade com a marca
A utilizar "ckm:design-system". Find the best chart type to show quarterly revenue growth across four product lines.
Resultado esperado:
- Recomendação de gráfico: Gráfico de Barras Agrupadas para comparar múltiplas linhas de produto entre trimestres
- Orientação específica ao contexto sobre quando usar, quando evitar e notas de implementação com Chart.js
Auditoria de Segurança
Baixo Riscov1 • 5/26/2026
Static analysis flagged 561 potential issues (risk score 100/100), but AI evaluation confirms nearly all are false positives. Over 400 'Weak cryptographic algorithm' detections are hex color codes in design token CSV data and CSS examples (e.g. #2563EB). Over 150 'Shell backtick execution' detections are shell command examples in Markdown documentation and legitimate build tool invocations. The only true positive is subprocess.run in slide-token-validator.py which delegates to an internal validation script with low risk. The skill is a legitimate design system toolkit with no malicious intent, no credential exfiltration, and no command injection vulnerabilities.
26
Arquivos analisados
4,805
Linhas analisadas
14
achados
1
Total de auditorias
Problemas de Baixo Risco (9)
Hex color values in design token data flagged as cryptographic algorithms
FALSE POSITIVE: Over 400 'Weak cryptographic algorithm' detections. The static analyzer matched hex color codes (e.g. #2563EB, #F59E0B, #0D0D0D) in CSV design data files and CSS documentation examples. These are design token color values, not cryptographic material. Design system data and CSS documentation legitimately contain hex color codes for brand colors, UI colors, and CSS examples.
Shell command examples in Markdown documentation
FALSE POSITIVE: Over 150 'Ruby/shell backtick execution' detections in Markdown reference files. These are code examples showing users how to run commands like 'node scripts/generate-tokens.cjs' or 'python scripts/search-slides.py'. They are documentation, not executable code being injected at runtime. No dynamic command construction from user input.
Hardcoded image URLs in fetch-background.py
FALSE POSITIVE: Curated Pexels stock photo URLs hardcoded in fetch-background.py. These are pre-selected, free-to-use images for slide backgrounds. URLs point to images.pexels.com, a legitimate stock photography platform. No credential exfiltration or malicious network activity.
subprocess.run delegation in slide-token-validator.py
TRUE POSITIVE (low risk): Script uses subprocess.run to delegate validation to html-token-validator.py with sys.argv[1:] forwarded as arguments. This is a standard wrapper pattern. Risk is low because it only calls a known internal validator script.
Path traversal sequence in generate-slide.py
FALSE POSITIVE: The string '../../../assets/design-tokens.css' on line 632 is a computed relative path from the slide output directory to the shared design tokens CSS file. This is a hardcoded constant, not user-controlled input. No path traversal vulnerability exists.
Standard filesystem operations in build and validation scripts
FALSE POSITIVE: Node.js fs operations detected in embed-tokens.cjs, generate-tokens.cjs, and validate-tokens.cjs. These are standard file I/O operations for reading design token files, writing CSS output, and scanning codebases for token compliance. All operations are local to the project directory.
Chart.js CDN URL in SKILL.md
FALSE POSITIVE: Hardcoded URL 'https://cdn.jsdelivr.net/npm/chart.js@4.4.1/...' in SKILL.md line 190. This is a legitimate CDN URL for the Chart.js library used in slide HTML generation. It is a static reference, not dynamically constructed.
Dynamic import pattern in search-slides.py
FALSE POSITIVE: 'Dynamic import() expression' detected at line 10. This is actually a standard Python 'from slide_search_core import ...' statement. The static analyzer misidentified the Python import syntax as a dynamic JavaScript import expression.
Heuristic dangerous combination warning
FALSE POSITIVE: The heuristic analyzer flagged a 'dangerous combination' of code execution, network, and credential access across the codebase. Evaluation confirms all operations are legitimate: subprocess calls run internal build tools, network requests go to stock photo CDNs and Chart.js CDN, and 'credential' matches are false positives on CSV config lookups and hardcoded hex colors. No data exfiltration path exists.
Fatores de risco
⚙️ Comandos externos (201)
references/component-specs.md:40-46 references/component-specs.md:46-83 references/component-specs.md:83-89 references/component-specs.md:89-106 references/component-specs.md:106-119 references/component-specs.md:119-168 references/component-specs.md:168-173 references/component-specs.md:173-191 references/component-specs.md:191-204 references/component-tokens.md:7-47 references/component-tokens.md:47-51 references/component-tokens.md:51-79 references/component-tokens.md:79-83 references/component-tokens.md:83-102 references/component-tokens.md:102-106 references/component-tokens.md:106-130 references/component-tokens.md:130-134 references/component-tokens.md:134-149 references/component-tokens.md:149-153 references/component-tokens.md:153-169 references/component-tokens.md:169-173 references/component-tokens.md:173-191 references/component-tokens.md:191-195 references/component-tokens.md:195-214 references/primitive-tokens.md:9-23 references/primitive-tokens.md:23-27 references/primitive-tokens.md:27-40 references/primitive-tokens.md:40-44 references/primitive-tokens.md:44-61 references/primitive-tokens.md:61-67 references/primitive-tokens.md:67-91 references/primitive-tokens.md:91-95 references/primitive-tokens.md:95-129 references/primitive-tokens.md:129-133 references/primitive-tokens.md:133-145 references/primitive-tokens.md:145-149 references/primitive-tokens.md:149-164 references/primitive-tokens.md:164-168 references/primitive-tokens.md:168-184 references/primitive-tokens.md:184-188 references/primitive-tokens.md:188-203 references/semantic-tokens.md:9-23 references/semantic-tokens.md:23-27 references/semantic-tokens.md:27-34 references/semantic-tokens.md:34-38 references/semantic-tokens.md:38-44 references/semantic-tokens.md:44-48 references/semantic-tokens.md:48-53 references/semantic-tokens.md:53-57 references/semantic-tokens.md:57-62 references/semantic-tokens.md:62-66 references/semantic-tokens.md:66-72 references/semantic-tokens.md:72-76 references/semantic-tokens.md:76-90 references/semantic-tokens.md:90-94 references/semantic-tokens.md:94-100 references/semantic-tokens.md:100-104 references/semantic-tokens.md:104-121 references/semantic-tokens.md:121-125 references/semantic-tokens.md:125-141 references/semantic-tokens.md:141-145 references/semantic-tokens.md:145-160 references/semantic-tokens.md:160-164 references/semantic-tokens.md:164-187 references/semantic-tokens.md:187-193 references/semantic-tokens.md:193-206 references/semantic-tokens.md:206-212 references/semantic-tokens.md:212-215 references/states-and-variants.md:31-38 references/states-and-variants.md:38-52 references/states-and-variants.md:52-59 references/states-and-variants.md:59-70 references/states-and-variants.md:70-75 references/states-and-variants.md:75-81 references/states-and-variants.md:81-87 references/states-and-variants.md:87-99 references/states-and-variants.md:99-100 references/states-and-variants.md:100-116 references/states-and-variants.md:116-130 references/states-and-variants.md:130-136 references/states-and-variants.md:136-146 references/states-and-variants.md:146-166 references/states-and-variants.md:166-184 references/states-and-variants.md:184-188 references/states-and-variants.md:188-207 references/states-and-variants.md:207-229 references/states-and-variants.md:229-241 references/tailwind-integration.md:9-57 references/tailwind-integration.md:57-63 references/tailwind-integration.md:63-113 references/tailwind-integration.md:113-119 references/tailwind-integration.md:119-126 references/tailwind-integration.md:126-132 references/tailwind-integration.md:132-172 references/tailwind-integration.md:172-176 references/tailwind-integration.md:176-187 references/tailwind-integration.md:187-191 references/tailwind-integration.md:191-216 references/tailwind-integration.md:216-220 references/tailwind-integration.md:220-230 references/tailwind-integration.md:230-239 references/tailwind-integration.md:239-243 references/tailwind-integration.md:243-249 references/token-architecture.md:7-18 references/token-architecture.md:18-32 references/token-architecture.md:32-60 references/token-architecture.md:60-66 references/token-architecture.md:66-92 references/token-architecture.md:92-98 references/token-architecture.md:98-121 references/token-architecture.md:121-127 references/token-architecture.md:127-135 references/token-architecture.md:135-139 references/token-architecture.md:139-147 references/token-architecture.md:147-162 references/token-architecture.md:162-168 references/token-architecture.md:168-172 references/token-architecture.md:172-184 references/token-architecture.md:184-189 references/token-architecture.md:189-192 references/token-architecture.md:192-195 references/token-architecture.md:195-207 references/token-architecture.md:207-213 references/token-architecture.md:213-224 scripts/embed-tokens.cjs:77 scripts/embed-tokens.cjs:90 scripts/embed-tokens.cjs:92 scripts/embed-tokens.cjs:97 scripts/generate-tokens.cjs:32-40 scripts/generate-tokens.cjs:109-114 scripts/generate-tokens.cjs:114-119 scripts/generate-tokens.cjs:119-124 scripts/generate-tokens.cjs:124-126 scripts/generate-tokens.cjs:129-132 scripts/generate-tokens.cjs:132-134 scripts/generate-tokens.cjs:151 scripts/generate-tokens.cjs:155-161 scripts/generate-tokens.cjs:179 scripts/generate-tokens.cjs:199 scripts/slide-token-validator.py:30 scripts/validate-tokens.cjs:33-46 scripts/validate-tokens.cjs:180 scripts/validate-tokens.cjs:190 scripts/validate-tokens.cjs:192 scripts/validate-tokens.cjs:193 scripts/validate-tokens.cjs:194 scripts/validate-tokens.cjs:195 scripts/validate-tokens.cjs:205 scripts/validate-tokens.cjs:207 scripts/validate-tokens.cjs:227 scripts/validate-tokens.cjs:231 SKILL.md:27 SKILL.md:31-37 SKILL.md:37-40 SKILL.md:40-49 SKILL.md:49-54 SKILL.md:54-56 SKILL.md:56-59 SKILL.md:59-61 SKILL.md:61-67 SKILL.md:67-68 SKILL.md:68-69 SKILL.md:69-70 SKILL.md:70-71 SKILL.md:71-72 SKILL.md:72-73 SKILL.md:73-88 SKILL.md:88-89 SKILL.md:89-90 SKILL.md:90-91 SKILL.md:91-92 SKILL.md:92-98 SKILL.md:98-116 SKILL.md:116-117 SKILL.md:117-118 SKILL.md:118-119 SKILL.md:119-123 SKILL.md:123-134 SKILL.md:134-140 SKILL.md:140-141 SKILL.md:141-142 SKILL.md:142-143 SKILL.md:143-144 SKILL.md:144-145 SKILL.md:145-146 SKILL.md:146-147 SKILL.md:147-151 SKILL.md:151-166 SKILL.md:166-171 SKILL.md:171-173 SKILL.md:173-180 SKILL.md:180-181 SKILL.md:181 SKILL.md:181-189 SKILL.md:189-208 SKILL.md:208-212 SKILL.md:212-222 SKILL.md:222-227 SKILL.md:227-229 SKILL.md:229-233 SKILL.md:233-235
📁 Acesso ao sistema de arquivos (17)
scripts/embed-tokens.cjs:86 scripts/embed-tokens.cjs:20 scripts/embed-tokens.cjs:86 scripts/generate-slide.py:632 scripts/generate-slide.py:632 scripts/generate-slide.py:632 scripts/generate-tokens.cjs:184 scripts/generate-tokens.cjs:197 scripts/generate-tokens.cjs:198 scripts/generate-tokens.cjs:178 scripts/generate-tokens.cjs:184 scripts/generate-tokens.cjs:198 scripts/validate-tokens.cjs:99 scripts/validate-tokens.cjs:130 scripts/validate-tokens.cjs:226 scripts/validate-tokens.cjs:130 scripts/validate-tokens.cjs:231
🌐 Acesso à rede (28)
scripts/fetch-background.py:144 scripts/fetch-background.py:145 scripts/fetch-background.py:146 scripts/fetch-background.py:149 scripts/fetch-background.py:150 scripts/fetch-background.py:151 scripts/fetch-background.py:154 scripts/fetch-background.py:155 scripts/fetch-background.py:156 scripts/fetch-background.py:159 scripts/fetch-background.py:160 scripts/fetch-background.py:163 scripts/fetch-background.py:164 scripts/fetch-background.py:167 scripts/fetch-background.py:168 scripts/fetch-background.py:171 scripts/fetch-background.py:172 scripts/fetch-background.py:175 scripts/fetch-background.py:176 scripts/fetch-background.py:179 scripts/fetch-background.py:180 scripts/fetch-background.py:183 scripts/fetch-background.py:184 scripts/fetch-background.py:197 scripts/generate-slide.py:32 scripts/generate-slide.py:33 SKILL.md:190 templates/design-tokens-starter.json:2
🔑 Variáveis de ambiente (7)
⚡ Contém scripts (1)
Auditado por: claude
Pontuação de qualidade
68
Arquitetura
100
Manutenibilidade
87
Conteúdo
34
Comunidade
72
Segurança
74
Conformidade com especificações
O Que Você Pode Construir
Desenvolvedor frontend criando um sistema de design
Um desenvolvedor frontend precisa estabelecer um sistema de design tokens consistente para um novo projeto. Esta skill gera variáveis CSS a partir de uma definição de tokens em JSON, valida se os componentes usam tokens em vez de valores fixos e produz uma configuração Tailwind para integração.
Designer criando apresentações com a marca
Um designer precisa criar um pitch deck que siga as diretrizes da marca. Esta skill gera slides HTML que usam design tokens para cores, tipografia e espaçamento. Inclui opções de gráfico via Chart.js e imagens de fundo selecionadas do Pexels.
Engenheiro DevOps automatizando pipelines de design tokens
Um engenheiro DevOps configura geração e validação automatizadas de tokens em pipelines de CI. A skill fornece scripts CLI para gerar CSS, validar codebases contra regras de uso de tokens e incorporar tokens em arquivos HTML independentes.
Tente Estes Prompts
Gerar tokens a partir de configuração JSON
Generate CSS design tokens from my tokens.json file using the three-layer structure. Use the primitive to semantic to component pattern.
Validar uso de tokens no codebase
Validate my src/ directory for hardcoded hex colors and pixel values. Report all violations and suggest which design tokens should be used instead.
Criar um pitch deck com gráficos
Create an 8-slide investor pitch deck for a SaaS analytics platform. Include a title slide, problem slide, solution slide with feature grid, metrics slide, revenue chart slide, testimonial slide, comparison table slide, and CTA closing slide. Use our brand design tokens.
Aplicar técnica sparkline Duarte
Create a 9-slide deck using the Duarte sparkline narrative structure. Alternate between What Is (frustration) and What Could Be (hope) beats. Use pattern breaking at positions 3 and 6. Search slide strategies for 'investor pitch' and recommend layouts for each slide.
Melhores Práticas
- Defina primeiro os tokens primitivos com valores brutos, depois mapeie-os através dos tokens semânticos e, por fim, para tokens específicos de componente para máxima flexibilidade e alternância de temas.
- Sempre valide os slides HTML gerados com o validador de tokens para detectar cores ou fontes fixas antes de compartilhar.
- Use a pesquisa contextual com parâmetros de posição do slide e emoção para criar decks com quebra de padrão e contraste emocional para melhor engajamento do público.
Evitar
- Não use cores hexadecimais brutas em arquivos CSS de componentes. Sempre referencie design tokens através de var() para consistência do tema.
- Não crie slides sem importar o arquivo design-tokens.css. Todas as propriedades visuais devem usar variáveis de token.
- Não pule a camada de token semântico. Mapear componentes diretamente para primitivos dificulta a alternância de temas e a manutenção.
Perguntas Frequentes
Qual formato de arquivo o JSON de design tokens precisa seguir?
O JSON deve seguir uma estrutura de três camadas: primitiva (valores brutos de cor, espaçamento, tipografia), semântica (aliases baseados em propósito como --color-primary) e componente (tokens específicos de componente como --button-bg). Cada token possui um campo $value e $type.
Esta skill pode gerar arquivos PowerPoint ou Google Slides?
Não. Esta skill gera slides HTML com design tokens CSS embutidos. A saída é um arquivo HTML autocontido que pode ser aberto em qualquer navegador, mas não pode ser importado diretamente para o PowerPoint ou Google Slides.
Como adicionar uma nova imagem de fundo aos meus slides?
As imagens de fundo são selecionadas de um conjunto selecionado de fotos gratuitas do Pexels organizadas por tipo de slide (hero, equipe, depoimento, etc.). Você pode estender o dicionário CURATED_IMAGES em scripts/fetch-background.py com URLs adicionais de imagens do Pexels.
O que o validador de tokens verifica?
O validador varre arquivos CSS, JSX, TSX e outros arquivos fonte em busca de cores hexadecimais fixas, cores RGB, valores em pixel e valores em rem. Ele sugere substituí-los por referências var() para design tokens. Ele ignora arquivos de definição de tokens e exceções comuns.
Como criar um tema Tailwind a partir dos meus design tokens?
Use o script generate-tokens.cjs com a flag --format tailwind. Isso gera um objeto de configuração de cores que mapeia seus tokens de cor semânticos para nomes de cores do Tailwind usando referências de variáveis CSS.
A geração de slides suporta animações?
Sim. O sistema de slides inclui classes de animação CSS como animate-fade-up, animate-stagger, animate-scale, animate-chart, animate-count e animate-pulse. A pesquisa contextual recomenda classes de animação com base no objetivo e na emoção do slide.
Detalhes do Desenvolvedor
Autor
nextlevelbuilderLicença
MIT
Repositório
https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/tree/main/.claude/skills/design-system/Referência
main