技能 ckm:design-system
📦
ckm:design-system
低风险 ⚙️
外部命令📁
文件系统访问🌐
网络访问🔑
环境变量⚡
包含脚本
生成设计令牌、验证使用情况并创建品牌化幻灯片
当令牌在原始层、语义层和组件层之间未能一致应用时,设计系统往往会崩溃。此技能可从 JSON 令牌定义生成 CSS 变量,验证代码中的令牌使用情况,并通过 Chart.js 集成创建符合品牌的幻灯片演示。
支持: Claude Codex Code(CC)
1
下载技能 ZIP
2
在 Claude 中上传
前往 设置 → 功能 → 技能 → 上传技能
3
开启并开始使用
测试它
正在使用“ckm:design-system”。 Generate CSS design tokens from my tokens.json and create a Tailwind config for my Next.js project.
预期结果:
- CSS 输出,具有三层令牌结构,以 :root 块形式组织,包含原始令牌、语义令牌和组件令牌
- Tailwind 配置文件,包含映射到 CSS 变量的颜色引用,用于 tailwind.config.js
正在使用“ckm:design-system”。 Create a 5-slide pitch deck for a fintech startup. Include a revenue chart.
预期结果:
- HTML 文件,包含品牌化的幻灯片组,包括标题、问题、带卡片的解决方案、收入增长柱状图和 CTA 幻灯片
- 引用设计令牌的 CSS,用于所有颜色、字体和间距,确保品牌合规
正在使用“ckm:design-system”。 Find the best chart type to show quarterly revenue growth across four product lines.
预期结果:
- 图表推荐:分组柱状图,用于比较多个产品线在不同季度的数据
- 针对具体场景的指导,说明何时使用、何时避免,以及 Chart.js 实现说明
安全审计
低风险v1 • 5/26/2026
Static analysis flagged 561 potential issues (risk score 100/100), but AI evaluation confirms nearly all are false positives. Over 400 'Weak cryptographic algorithm' detections are hex color codes in design token CSV data and CSS examples (e.g. #2563EB). Over 150 'Shell backtick execution' detections are shell command examples in Markdown documentation and legitimate build tool invocations. The only true positive is subprocess.run in slide-token-validator.py which delegates to an internal validation script with low risk. The skill is a legitimate design system toolkit with no malicious intent, no credential exfiltration, and no command injection vulnerabilities.
26
已扫描文件
4,805
分析行数
14
发现项
1
审计总数
低风险问题 (9)
Hex color values in design token data flagged as cryptographic algorithms
FALSE POSITIVE: Over 400 'Weak cryptographic algorithm' detections. The static analyzer matched hex color codes (e.g. #2563EB, #F59E0B, #0D0D0D) in CSV design data files and CSS documentation examples. These are design token color values, not cryptographic material. Design system data and CSS documentation legitimately contain hex color codes for brand colors, UI colors, and CSS examples.
Shell command examples in Markdown documentation
FALSE POSITIVE: Over 150 'Ruby/shell backtick execution' detections in Markdown reference files. These are code examples showing users how to run commands like 'node scripts/generate-tokens.cjs' or 'python scripts/search-slides.py'. They are documentation, not executable code being injected at runtime. No dynamic command construction from user input.
Hardcoded image URLs in fetch-background.py
FALSE POSITIVE: Curated Pexels stock photo URLs hardcoded in fetch-background.py. These are pre-selected, free-to-use images for slide backgrounds. URLs point to images.pexels.com, a legitimate stock photography platform. No credential exfiltration or malicious network activity.
subprocess.run delegation in slide-token-validator.py
TRUE POSITIVE (low risk): Script uses subprocess.run to delegate validation to html-token-validator.py with sys.argv[1:] forwarded as arguments. This is a standard wrapper pattern. Risk is low because it only calls a known internal validator script.
Path traversal sequence in generate-slide.py
FALSE POSITIVE: The string '../../../assets/design-tokens.css' on line 632 is a computed relative path from the slide output directory to the shared design tokens CSS file. This is a hardcoded constant, not user-controlled input. No path traversal vulnerability exists.
Standard filesystem operations in build and validation scripts
FALSE POSITIVE: Node.js fs operations detected in embed-tokens.cjs, generate-tokens.cjs, and validate-tokens.cjs. These are standard file I/O operations for reading design token files, writing CSS output, and scanning codebases for token compliance. All operations are local to the project directory.
Chart.js CDN URL in SKILL.md
FALSE POSITIVE: Hardcoded URL 'https://cdn.jsdelivr.net/npm/chart.js@4.4.1/...' in SKILL.md line 190. This is a legitimate CDN URL for the Chart.js library used in slide HTML generation. It is a static reference, not dynamically constructed.
Dynamic import pattern in search-slides.py
FALSE POSITIVE: 'Dynamic import() expression' detected at line 10. This is actually a standard Python 'from slide_search_core import ...' statement. The static analyzer misidentified the Python import syntax as a dynamic JavaScript import expression.
Heuristic dangerous combination warning
FALSE POSITIVE: The heuristic analyzer flagged a 'dangerous combination' of code execution, network, and credential access across the codebase. Evaluation confirms all operations are legitimate: subprocess calls run internal build tools, network requests go to stock photo CDNs and Chart.js CDN, and 'credential' matches are false positives on CSV config lookups and hardcoded hex colors. No data exfiltration path exists.
风险因素
⚙️ 外部命令 (201)
references/component-specs.md:40-46 references/component-specs.md:46-83 references/component-specs.md:83-89 references/component-specs.md:89-106 references/component-specs.md:106-119 references/component-specs.md:119-168 references/component-specs.md:168-173 references/component-specs.md:173-191 references/component-specs.md:191-204 references/component-tokens.md:7-47 references/component-tokens.md:47-51 references/component-tokens.md:51-79 references/component-tokens.md:79-83 references/component-tokens.md:83-102 references/component-tokens.md:102-106 references/component-tokens.md:106-130 references/component-tokens.md:130-134 references/component-tokens.md:134-149 references/component-tokens.md:149-153 references/component-tokens.md:153-169 references/component-tokens.md:169-173 references/component-tokens.md:173-191 references/component-tokens.md:191-195 references/component-tokens.md:195-214 references/primitive-tokens.md:9-23 references/primitive-tokens.md:23-27 references/primitive-tokens.md:27-40 references/primitive-tokens.md:40-44 references/primitive-tokens.md:44-61 references/primitive-tokens.md:61-67 references/primitive-tokens.md:67-91 references/primitive-tokens.md:91-95 references/primitive-tokens.md:95-129 references/primitive-tokens.md:129-133 references/primitive-tokens.md:133-145 references/primitive-tokens.md:145-149 references/primitive-tokens.md:149-164 references/primitive-tokens.md:164-168 references/primitive-tokens.md:168-184 references/primitive-tokens.md:184-188 references/primitive-tokens.md:188-203 references/semantic-tokens.md:9-23 references/semantic-tokens.md:23-27 references/semantic-tokens.md:27-34 references/semantic-tokens.md:34-38 references/semantic-tokens.md:38-44 references/semantic-tokens.md:44-48 references/semantic-tokens.md:48-53 references/semantic-tokens.md:53-57 references/semantic-tokens.md:57-62 references/semantic-tokens.md:62-66 references/semantic-tokens.md:66-72 references/semantic-tokens.md:72-76 references/semantic-tokens.md:76-90 references/semantic-tokens.md:90-94 references/semantic-tokens.md:94-100 references/semantic-tokens.md:100-104 references/semantic-tokens.md:104-121 references/semantic-tokens.md:121-125 references/semantic-tokens.md:125-141 references/semantic-tokens.md:141-145 references/semantic-tokens.md:145-160 references/semantic-tokens.md:160-164 references/semantic-tokens.md:164-187 references/semantic-tokens.md:187-193 references/semantic-tokens.md:193-206 references/semantic-tokens.md:206-212 references/semantic-tokens.md:212-215 references/states-and-variants.md:31-38 references/states-and-variants.md:38-52 references/states-and-variants.md:52-59 references/states-and-variants.md:59-70 references/states-and-variants.md:70-75 references/states-and-variants.md:75-81 references/states-and-variants.md:81-87 references/states-and-variants.md:87-99 references/states-and-variants.md:99-100 references/states-and-variants.md:100-116 references/states-and-variants.md:116-130 references/states-and-variants.md:130-136 references/states-and-variants.md:136-146 references/states-and-variants.md:146-166 references/states-and-variants.md:166-184 references/states-and-variants.md:184-188 references/states-and-variants.md:188-207 references/states-and-variants.md:207-229 references/states-and-variants.md:229-241 references/tailwind-integration.md:9-57 references/tailwind-integration.md:57-63 references/tailwind-integration.md:63-113 references/tailwind-integration.md:113-119 references/tailwind-integration.md:119-126 references/tailwind-integration.md:126-132 references/tailwind-integration.md:132-172 references/tailwind-integration.md:172-176 references/tailwind-integration.md:176-187 references/tailwind-integration.md:187-191 references/tailwind-integration.md:191-216 references/tailwind-integration.md:216-220 references/tailwind-integration.md:220-230 references/tailwind-integration.md:230-239 references/tailwind-integration.md:239-243 references/tailwind-integration.md:243-249 references/token-architecture.md:7-18 references/token-architecture.md:18-32 references/token-architecture.md:32-60 references/token-architecture.md:60-66 references/token-architecture.md:66-92 references/token-architecture.md:92-98 references/token-architecture.md:98-121 references/token-architecture.md:121-127 references/token-architecture.md:127-135 references/token-architecture.md:135-139 references/token-architecture.md:139-147 references/token-architecture.md:147-162 references/token-architecture.md:162-168 references/token-architecture.md:168-172 references/token-architecture.md:172-184 references/token-architecture.md:184-189 references/token-architecture.md:189-192 references/token-architecture.md:192-195 references/token-architecture.md:195-207 references/token-architecture.md:207-213 references/token-architecture.md:213-224 scripts/embed-tokens.cjs:77 scripts/embed-tokens.cjs:90 scripts/embed-tokens.cjs:92 scripts/embed-tokens.cjs:97 scripts/generate-tokens.cjs:32-40 scripts/generate-tokens.cjs:109-114 scripts/generate-tokens.cjs:114-119 scripts/generate-tokens.cjs:119-124 scripts/generate-tokens.cjs:124-126 scripts/generate-tokens.cjs:129-132 scripts/generate-tokens.cjs:132-134 scripts/generate-tokens.cjs:151 scripts/generate-tokens.cjs:155-161 scripts/generate-tokens.cjs:179 scripts/generate-tokens.cjs:199 scripts/slide-token-validator.py:30 scripts/validate-tokens.cjs:33-46 scripts/validate-tokens.cjs:180 scripts/validate-tokens.cjs:190 scripts/validate-tokens.cjs:192 scripts/validate-tokens.cjs:193 scripts/validate-tokens.cjs:194 scripts/validate-tokens.cjs:195 scripts/validate-tokens.cjs:205 scripts/validate-tokens.cjs:207 scripts/validate-tokens.cjs:227 scripts/validate-tokens.cjs:231 SKILL.md:27 SKILL.md:31-37 SKILL.md:37-40 SKILL.md:40-49 SKILL.md:49-54 SKILL.md:54-56 SKILL.md:56-59 SKILL.md:59-61 SKILL.md:61-67 SKILL.md:67-68 SKILL.md:68-69 SKILL.md:69-70 SKILL.md:70-71 SKILL.md:71-72 SKILL.md:72-73 SKILL.md:73-88 SKILL.md:88-89 SKILL.md:89-90 SKILL.md:90-91 SKILL.md:91-92 SKILL.md:92-98 SKILL.md:98-116 SKILL.md:116-117 SKILL.md:117-118 SKILL.md:118-119 SKILL.md:119-123 SKILL.md:123-134 SKILL.md:134-140 SKILL.md:140-141 SKILL.md:141-142 SKILL.md:142-143 SKILL.md:143-144 SKILL.md:144-145 SKILL.md:145-146 SKILL.md:146-147 SKILL.md:147-151 SKILL.md:151-166 SKILL.md:166-171 SKILL.md:171-173 SKILL.md:173-180 SKILL.md:180-181 SKILL.md:181 SKILL.md:181-189 SKILL.md:189-208 SKILL.md:208-212 SKILL.md:212-222 SKILL.md:222-227 SKILL.md:227-229 SKILL.md:229-233 SKILL.md:233-235
📁 文件系统访问 (17)
scripts/embed-tokens.cjs:86 scripts/embed-tokens.cjs:20 scripts/embed-tokens.cjs:86 scripts/generate-slide.py:632 scripts/generate-slide.py:632 scripts/generate-slide.py:632 scripts/generate-tokens.cjs:184 scripts/generate-tokens.cjs:197 scripts/generate-tokens.cjs:198 scripts/generate-tokens.cjs:178 scripts/generate-tokens.cjs:184 scripts/generate-tokens.cjs:198 scripts/validate-tokens.cjs:99 scripts/validate-tokens.cjs:130 scripts/validate-tokens.cjs:226 scripts/validate-tokens.cjs:130 scripts/validate-tokens.cjs:231
🌐 网络访问 (28)
scripts/fetch-background.py:144 scripts/fetch-background.py:145 scripts/fetch-background.py:146 scripts/fetch-background.py:149 scripts/fetch-background.py:150 scripts/fetch-background.py:151 scripts/fetch-background.py:154 scripts/fetch-background.py:155 scripts/fetch-background.py:156 scripts/fetch-background.py:159 scripts/fetch-background.py:160 scripts/fetch-background.py:163 scripts/fetch-background.py:164 scripts/fetch-background.py:167 scripts/fetch-background.py:168 scripts/fetch-background.py:171 scripts/fetch-background.py:172 scripts/fetch-background.py:175 scripts/fetch-background.py:176 scripts/fetch-background.py:179 scripts/fetch-background.py:180 scripts/fetch-background.py:183 scripts/fetch-background.py:184 scripts/fetch-background.py:197 scripts/generate-slide.py:32 scripts/generate-slide.py:33 SKILL.md:190 templates/design-tokens-starter.json:2
🔑 环境变量 (7)
⚡ 包含脚本 (1)
审计者: claude
质量评分
68
架构
100
可维护性
87
内容
34
社区
72
安全
74
规范符合性
你能构建什么
前端开发者创建设计系统
前端开发者需要为新项目建立一致的设计令牌系统。此技能从 JSON 令牌定义生成 CSS 变量,验证组件是否使用令牌而非硬编码值,并生成用于集成的 Tailwind 配置。
设计师构建品牌化演示文稿
设计师需要创建符合品牌指南的融资演示文稿。此技能生成使用设计令牌定义颜色、排版和间距的 HTML 幻灯片。通过 Chart.js 提供图表选项,并从 Pexels 获取精选背景图片。
DevOps 工程师自动化设计令牌流水线
DevOps 工程师在 CI 流水线中设置自动化的令牌生成和验证。此技能提供 CLI 脚本,用于生成 CSS、根据令牌使用规则验证代码库,以及将令牌嵌入独立的 HTML 文件中。
试试这些提示
从 JSON 配置生成令牌
Generate CSS design tokens from my tokens.json file using the three-layer structure. Use the primitive to semantic to component pattern.
验证代码库中的令牌使用情况
Validate my src/ directory for hardcoded hex colors and pixel values. Report all violations and suggest which design tokens should be used instead.
创建带图表的融资演示文稿
Create an 8-slide investor pitch deck for a SaaS analytics platform. Include a title slide, problem slide, solution slide with feature grid, metrics slide, revenue chart slide, testimonial slide, comparison table slide, and CTA closing slide. Use our brand design tokens.
应用 Duarte 火花线叙事技巧
Create a 9-slide deck using the Duarte sparkline narrative structure. Alternate between What Is (frustration) and What Could Be (hope) beats. Use pattern breaking at positions 3 and 6. Search slide strategies for 'investor pitch' and recommend layouts for each slide.
最佳实践
- 首先使用原始值定义原始令牌,然后通过语义令牌映射,最后映射到组件特定令牌,以获得最大的灵活性和主题切换能力。
- 在分享之前,始终使用令牌验证器验证生成的 HTML 幻灯片,以捕获硬编码的颜色或字体。
- 使用带有幻灯片位置和情感参数的上下文搜索,通过模式打破和情感对比创建更具观众吸引力的幻灯片组。
避免
- 不要在组件 CSS 文件中使用原始十六进制颜色。始终通过 var() 引用设计令牌以保证主题一致性。
- 不要创建未导入 design-tokens.css 文件的幻灯片。所有视觉属性必须使用令牌变量。
- 不要跳过语义令牌层。直接将组件映射到原始令牌会使主题切换和维护更加困难。
常见问题
设计令牌 JSON 需要遵循什么文件格式?
JSON 应遵循三层结构:原始层(原始颜色、间距、排版值)、语义层(基于用途的别名,如 --color-primary)和组件层(组件特定令牌,如 --button-bg)。每个令牌包含 $value 和 $type 字段。
此技能能否生成 PowerPoint 或 Google Slides 文件?
不可以。此技能生成包含嵌入式 CSS 设计令牌的 HTML 幻灯片。输出是一个自包含的 HTML 文件,可以在任何浏览器中打开,但无法直接导入 PowerPoint 或 Google Slides。
如何为我的幻灯片添加新的背景图片?
背景图片选自一组按幻灯片类型(标题页、团队页、推荐页等)分类的免费 Pexels 精选照片。你可以通过向 scripts/fetch-background.py 中的 CURATED_IMAGES 字典添加更多 Pexels 图片 URL 来扩展图片库。
令牌验证器检查什么内容?
验证器会扫描 CSS、JSX、TSX 及其他源文件,查找硬编码的十六进制颜色、RGB 颜色、像素值和 rem 值。它会建议用设计令牌的 var() 引用替换这些值,同时跳过令牌定义文件和常见的例外情况。
如何从我的设计令牌创建 Tailwind 主题?
使用带有 --format tailwind 标志的 generate-tokens.cjs 脚本。这会生成一个颜色配置对象,通过 CSS 变量引用将你的语义颜色令牌映射到 Tailwind 颜色名称。
幻灯片生成功能是否支持动画?
支持。幻灯片系统包含 CSS 动画类,如 animate-fade-up、animate-stagger、animate-scale、animate-chart、animate-count 和 animate-pulse。上下文搜索会根据幻灯片目标和情感推荐动画类。