orbcafe-layout-navigation

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is coherently focused on building an ORBCAFE UI shell/navigation flow, with only standard npm setup commands to review before use.

This skill appears safe for its stated purpose. Before using it, review the npm package installation and project scripts, preferably with pinned versions or a lockfile, then apply the generated UI code in the intended project only.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing these packages can change the project dependency tree and bring in third-party code.

Why it was flagged

The skill discloses npm dependency installation without version pins. This is expected for an ORBCAFE UI setup workflow, but it relies on the normal npm package supply chain.

Skill content

npm install orbcafe-ui @mui/material @mui/icons-material @mui/x-date-pickers @emotion/react @emotion/styled dayjs

Recommendation

Install from trusted registries, review package names, and consider pinning versions or using a lockfile in production projects.

What this means

Running these commands can execute local project scripts on the machine where the app is being developed.

Why it was flagged

The skill asks the user or agent to run local npm build/dev commands. These are standard and purpose-aligned for app integration, but npm scripts execute code defined by the target project.

Skill content

npm run build
cd examples
npm install
npm run dev

Recommendation

Review the target repository's package.json scripts before running them, and run them only in the intended development workspace.