Analytics Platform Base
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Note
High Confidence
ASI04: Agentic Supply Chain Vulnerabilities
What this means
Installing the dependency will add third-party code to the user's project.
Why it was flagged
The skill instructs the user to install an external npm package without a pinned version. This is expected for a UI-library integration, but it introduces normal package supply-chain considerations.
Skill content
npm install orbcafe-ui # or pnpm add orbcafe-ui
Recommendation
Review the npm package, its publisher, version, and dependency tree before installing it in a sensitive project.
