Agent Workflow Builder
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a simple instruction-only React UI skill; the main thing to notice is that it asks you to install a third-party npm package.
This skill appears benign and narrowly focused. Before installing, confirm that `orbcafe-ui` is the package you intend to trust, pin a version if appropriate, and review the package documentation for your project’s security requirements.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package will add third-party code to the user's project.
The skill directs users to add a third-party npm package, and the dependency is not pinned to a specific version. This is purpose-aligned for a React UI skill but still introduces normal package supply-chain trust considerations.
npm install orbcafe-ui # or pnpm add orbcafe-ui
Verify the `orbcafe-ui` package source and maintainers, consider pinning a known-good version, and review the package documentation before installing it in sensitive projects.