Audit Trail Logs
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
Installing the package may add third-party code to the user’s project.
Why it was flagged
The skill asks the user to install a third-party npm package. This is expected for a React UI component skill, but it means the user must trust that package and its dependency chain.
Skill content
npm install orbcafe-ui # or pnpm add orbcafe-ui
Recommendation
Verify the npm package, review its maintainers and version history, and consider pinning a known-good version before adding it to a project.