Api Usage Metrics

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing the package adds third-party code to the user's project and makes the project depend on that package.

Why it was flagged

The skill instructs the user to add a third-party npm dependency. This is expected for a React UI component skill, but dependency provenance and version pinning remain relevant user considerations.

Skill content

npm install orbcafe-ui
# or
pnpm add orbcafe-ui

Recommendation

Verify the npm package, review its documentation and maintainers, and consider pinning a known-good version before installing it in important projects.