ClawHub

orbcafe-ui-component-usage

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is an instruction-only ORBCAFE UI routing guide; it shows no code, credentials, or background behavior, but users should deliberately review the npm setup commands it recommends.

This skill appears safe as an instruction-only ORBCAFE UI router. Before using its setup steps, verify the npm dependencies and versions, run commands only in the intended project, and separately review any ORBCAFE companion skills it routes to.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

If you follow the setup exactly, npm packages will be installed into your project.

Why it was flagged

The skill tells the agent to provide npm package installation commands as the mandatory integration baseline. This is appropriate for a UI integration guide, but the packages are unpinned in the instruction and would add third-party dependencies to the user's project if run.

Skill content
npm install orbcafe-ui @mui/material @mui/icons-material @mui/x-date-pickers @emotion/react @emotion/styled dayjs
Recommendation

Review the package names and versions, rely on your project's lockfile or pin versions where needed, and run the command only in the intended project directory.

#ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Using this router may lead the agent to consult or invoke other ORBCAFE module skills for the actual implementation guidance.

Why it was flagged

The router is designed to hand off work to companion ORBCAFE module skills. That is consistent with its purpose, but users should understand that final behavior may also depend on those separately installed/referenced skills.

Skill content
Build chat page, assistant panel, or floating copilot:
  - `orbcafe-agentui-chat`
Recommendation

Review and trust any companion ORBCAFE skills before relying on their recommendations, especially if they include code, credentials, or install steps.