Api Usage Metrics
PassAudited by ClawScan on May 1, 2026.
Overview
This is a simple React UI instruction skill that asks the user to install a third-party npm package, with no evidence of credential access, data collection, or hidden behavior.
This skill appears safe and narrowly scoped. Before using it, confirm that 'orbcafe-ui' is the package you intend to add, review the package source or npm page if this is a production project, and pin a trusted version if your dependency policy requires it.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package adds third-party code to the user's project and makes the project depend on that package.
The skill instructs the user to add a third-party npm dependency. This is expected for a React UI component skill, but dependency provenance and version pinning remain relevant user considerations.
npm install orbcafe-ui # or pnpm add orbcafe-ui
Verify the npm package, review its documentation and maintainers, and consider pinning a known-good version before installing it in important projects.