orbcafe-layout-navigation
v1.0.1Build ORBCAFE application shell and navigation with CAppPageLayout, NavigationIsland, useNavigationIsland, i18n, markdown renderer, and CPageTransition using...
⭐ 0· 226·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (ORBCAFE layout/navigation) matches the SKILL.md steps: install UI libs, choose a shell pattern, wire providers, and produce layout code. Nothing requested (no env vars, no binaries) is disproportionate to building a UI shell.
Instruction Scope
Instructions are scoped to development tasks: check a module contract file, install npm deps, run example dev server, and generate layout/provider code. They do reference a workspace path ('skills/orbcafe-ui-component-usage/references/module-contracts.md') which requires that other repo/skill files exist; this is likely an integration convenience but you should confirm those referenced local files are the intended sources.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md instructs running 'npm install orbcafe-ui @mui/...' and starting examples. This pulls code from public npm registries (no direct URLs), which is expected for a UI integration but carries the normal risk of installing third-party packages and running example/dev scripts. Review the 'orbcafe-ui' package source and example scripts before running.
Credentials
The skill declares no required environment variables, credentials, or config paths and the instructions do not ask for secrets or system config. That is proportionate for a UI/layout helper.
Persistence & Privilege
always is false and there are no install scripts that embed persistent agent behavior in the registry metadata. As an instruction-only skill it does not request elevated or permanent platform privileges.
Assessment
This skill appears coherent for building ORBCAFE UI shell and navigation. Before running anything: 1) verify the npm package 'orbcafe-ui' (check its npm page or source repo) and confirm you trust it; 2) run npm installs in an isolated/dev environment (not on a production host) and run 'npm audit' or similar; 3) review example scripts (examples/*) before executing 'npm run dev' because they can run arbitrary code; 4) confirm the referenced local path 'skills/orbcafe-ui-component-usage/...' exists and is the expected, trusted content; 5) pin package versions or use a lockfile to avoid unexpected upstream changes. If any of those checks fail or the package source is unknown, treat the install as higher risk.Like a lobster shell, security has layers — review code before you run it.
latestvk97chf9s9z6akdn1zhs31wjh9s82yvs3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.