ClawHub

Realtime React Hooks

v1.0.0

React hooks for real-time data with SSE, WebSocket, and SWR integration. Covers connection management, reconnection logic, and optimistic updates. Use when building React apps with real-time features. Triggers on SSE hook, WebSocket hook, real-time React, useEventSource, live updates.

0· 914·4 current·4 all-time
by@wpank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description state 'real-time React hooks' and the SKILL.md provides only TypeScript/React hook patterns (SSE, WebSocket, SWR integration, subscription, UI indicator). There are no unrelated environment variables, binaries, or permissions requested, so the requested surface matches the stated purpose.
Instruction Scope
SKILL.md contains code examples and usage notes only; it does not instruct the agent to read arbitrary files, export secrets, access unrelated credentials, or post data to unknown endpoints. The code references typical endpoints like '/api/events/${key}' and '/api/ws' which is expected for realtime hooks. There is no open-ended guidance that would grant broad discretionary access.
Install Mechanism
There is no formal install spec (instruction-only), which is lowest risk. README shows manual copy instructions and an 'npx clawhub@latest install' suggestion. One example uses 'npx add https://github.com/.../tree/...' which is not a standard npx pattern — this is a minor inconsistency (documentation quirk) but not evidence of malicious behavior. No downloads or archive extract operations are specified in a machine-executable install spec.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The examples don't access process.env or secrets. The lack of requested credentials is proportional to the simple client-side hook patterns provided.
Persistence & Privilege
Flags show always:false and default invocation behavior. As an instruction-only skill it doesn't request persistent presence or modify other skills or system settings. No privileged agent-wide permissions are requested.
Assessment
This skill is a set of example React hooks (no executable install steps), and its code examples are consistent with the described purpose. Before using: (1) verify the source — the skill lists no homepage and the registry owner ID is opaque; prefer installing from a known repository or copying vetted code rather than blindly running install commands that fetch remote code; (2) review and test the hook code in your environment (validate JSON parsing and error handling, and ensure your server endpoints (/api/events, /api/ws) are trusted); (3) avoid pasting or running any non-standard npx/git commands from unknown origins; (4) if you plan to use these patterns in production, run your normal security review (dependency audit, input validation, CORS and auth checks on the server side).

Like a lobster shell, security has layers — review code before you run it.

latestvk979j5p448dgzz3e9995spt2wx80wttn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments