pcloud-components-usage
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
This skill appears safe as documentation for using a React component package. Before installing, confirm that @pointcloud/pcloud-components is the intended package, review its npm/CDN provenance, and avoid adding CDN scripts or upload/CRUD examples to production without normal code review. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Following the guide can add third-party code to a web project, so the package/CDN should be trusted before use.
The skill tells users how to add a third-party npm package or load it from a CDN. This is expected for a component-library guide, but it still introduces external code into the user's project.
npm install @pointcloud/pcloud-components ... <script src="https://unpkg.com/@pointcloud/pcloud-components@1.0.0/dist/umd/pcloud-components.min.js"></script>
Verify the npm package provenance, pin versions with a lockfile, and prefer trusted registries or self-hosted assets for production builds.