ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cookie Consent Banner

v1.0.0

Implement Cookie Consent Banner using OrbCafe UI (CMessageBox). Enterprise-grade React component with built-in best practices.

0· 168·0 current·0 all-time
by@shenruiyang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description promise an 'enterprise-grade Cookie Consent Banner' with best practices (i18n, accessibility, consent handling). The SKILL.md only shows installing an 'orbcafe-ui' package and a minimal CMessageBox usage example that does not implement cookie consent flows, preference storage, categories, or any privacy/legal considerations — this is a mismatch between claimed purpose and provided instructions.
Instruction Scope
Instructions are limited to an npm/pnpm install command and a small React example. They do not instruct the agent to read system files, credentials, or external endpoints. However the guidance is incomplete and vague for the stated purpose (no instructions for persisting consent, integrating with cookies/localStorage, or handling opt-in/opt-out).
Install Mechanism
There is no formal install spec in the skill bundle (it's instruction-only). The SKILL.md recommends installing orbcafe-ui from npm, which is a normal package install pattern, but the skill metadata lacks a homepage/source and the package's authenticity and quality should be verified before use.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no obvious excessive permissions or secret access requests.
Persistence & Privilege
Skill is not always-enabled and has no special persistence or privilege requests. It does not modify other skills or system settings.
What to consider before installing
This skill is instruction-only and appears misleading: it promises an enterprise cookie-consent solution but only shows a simple message-box example. Before installing or using orbcafe-ui, verify the npm package and source repository (check README, repository link, maintainers, download counts, open issues, and license). Inspect the package contents and run `npm audit` or equivalent. Ensure any cookie-consent implementation includes storage of user preferences, category management, clear opt-in/opt-out flows, and legal compliance (GDPR/CCPA) — none of which are shown here. If you need production-grade consent handling, prefer a well-known library or review the orbcafe-ui repo and test how it persists and protects consent data.

Like a lobster shell, security has layers — review code before you run it.

latestvk979jdffb35m355g5thyt3xtd982xf1g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments