React Component Generator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a simple local React component file generator, with minor cautions about local file overwrites, unclear setup, and overstated feature support.

This skill is reasonable for generating a simple local React component file, but inspect the script before running it, use a safe component name in the intended directory, and do not assume the advertised TypeScript, hook, class, or HOC options are implemented.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

If run with an unexpected name or path-like value, it could create or overwrite a .jsx file in an unintended location.

Why it was flagged

The user- or agent-supplied component name directly controls the output file path and the script overwrites that .jsx file without a prompt. File generation is expected for this skill, but the argument should stay scoped to an intended project filename.

Skill content
NAME="${1:-MyComponent}"
cat > "$NAME.jsx"
Recommendation

Run it only in the intended project directory, use simple component names, and add filename validation plus an overwrite confirmation if maintaining the skill.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

A user may need to inspect and run the bundled script manually rather than relying on a clear, declared install process.

Why it was flagged

Although the skill is declared as instruction-only with no install spec, it ships a shell script and documents a CLI command, so users do not get a fully declared setup or dependency path from the install metadata.

Skill content
No install spec — this is an instruction-only skill.
Recommendation

Document how the command is installed or invoked, and declare the shell utilities it relies on.

ASI09: Human-Agent Trust Exploitation
Low
What this means

The skill may produce less complete or different output than expected, though this is a functionality mismatch rather than evidence of malicious behavior.

Why it was flagged

The artifacts advertise broad component and TypeScript support, while the included script shows only a basic function .jsx generator, so users should not overestimate the implemented capability.

Skill content
Supports Function Component, Class Component, Hooks, and TypeScript; generates complete component code in one click.
Recommendation

Verify generated code before use and update the documentation or implementation so the advertised options match the actual behavior.