Cookie Consent Banner

PassAudited by ClawScan on May 1, 2026.

Overview

This is a simple instruction-only React UI skill, with the main thing to notice being that it asks you to add an external npm dependency.

This skill appears safe as an instruction-only UI example. Before using it, check whether `orbcafe-ui` is an appropriate and trusted dependency for your project, and pin a reviewed version if you adopt it.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing the package would add third-party code to the user's project.

Why it was flagged

The skill asks the user to add an external npm dependency and does not pin a package version. This is expected for a React UI skill, but it is still a supply-chain consideration.

Skill content

npm install orbcafe-ui
# or
pnpm add orbcafe-ui

Recommendation

Review the `orbcafe-ui` package, its publisher, version, and dependency tree before installing it in a production project.