React

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only React development skill; the main things to notice are optional package setup commands and a local project memory file.

This skill appears safe for normal React development guidance. Before installing or using it, be aware that its setup suggests running npm/npx commands and creating a persistent ~/react/memory.md file; only run commands in projects you trust and keep sensitive information out of the memory file.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

If you run these commands, they may download and execute third-party tooling in your project environment.

Why it was flagged

The setup documentation includes user-directed package installation and npx commands, including @latest package resolution. This is normal for a React setup guide but depends on external package provenance.

Skill content

npx create-next-app@latest my-app --typescript --tailwind --app
...
npx shadcn@latest init
...
npm install @tanstack/react-query

Recommendation

Run setup commands only in the intended project folder, review package sources, and consider pinning versions for reproducible builds.

ASI06: Memory and Context Poisoning
Low
What this means

Project architecture notes and decisions may persist across sessions and could influence future React assistance.

Why it was flagged

The setup creates a persistent local memory file for the skill to track React project context over time.

Skill content

cp memory-template.md ~/react/memory.md

Recommendation

Do not store secrets or sensitive customer data in the memory file, and review it periodically for stale or incorrect guidance.