Audit Trail Logs
PassAudited by ClawScan on May 1, 2026.
Overview
This is a simple instruction-only UI skill that asks the user to install a relevant npm package, with no evidence of hidden behavior or sensitive access.
This skill appears safe to use as documentation for adding an OrbCafe UI page. Before installing, check that the orbcafe-ui npm package is the intended dependency and pin or review the version if using it in a production project.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package may add third-party code to the user’s project.
The skill asks the user to install a third-party npm package. This is expected for a React UI component skill, but it means the user must trust that package and its dependency chain.
npm install orbcafe-ui # or pnpm add orbcafe-ui
Verify the npm package, review its maintainers and version history, and consider pinning a known-good version before adding it to a project.