Orderly Sdk Install Dependency
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a straightforward instruction-only dependency installation skill; the main thing to notice is that it asks to install multiple unpinned third-party npm packages for DEX and wallet functionality.
This skill appears safe for its stated purpose, but it should be treated like any dependency-installation helper: use it only in the correct project, confirm the packages are the ones you want, and consider pinning or auditing dependencies before using them in a production DEX or wallet-connected application.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing these dependencies can change your project files and bring in third-party code, including wallet connector libraries.
The skill directs installation of multiple external npm packages without version pins. This is central to the skill’s dependency-installation purpose, but it still expands the project’s supply-chain trust base.
npm install @orderly.network/react-app ... @orderly.network/wallet-connector ...
npm install @web3-onboard/injected-wallets @web3-onboard/walletconnect ...
npm install @solana/wallet-adapter-base @solana/wallet-adapter-wallets
Run the commands only in the intended project, review the package names, prefer a lockfile or pinned versions where appropriate, and use normal dependency auditing practices.
