Api Usage Metrics
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a simple React UI instruction skill that asks the user to install a third-party npm package, with no evidence of credential access, data collection, or hidden behavior.
This skill appears safe and narrowly scoped. Before using it, confirm that 'orbcafe-ui' is the package you intend to add, review the package source or npm page if this is a production project, and pin a trusted version if your dependency policy requires it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package adds third-party code to the user's project and makes the project depend on that package.
The skill instructs the user to add a third-party npm dependency. This is expected for a React UI component skill, but dependency provenance and version pinning remain relevant user considerations.
npm install orbcafe-ui # or pnpm add orbcafe-ui
Verify the npm package, review its documentation and maintainers, and consider pinning a known-good version before installing it in important projects.