Orderly Sdk React Hooks
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This documentation-only skill is coherent, but its examples involve wallet connection and real trading/order-cancel actions, so copied code should be used with financial-account safeguards.
This appears safe as a documentation skill. Before using the sample code in a real app, verify the Orderly packages, lock dependency versions, test on non-production networks first, and add clear user confirmations for placing orders or canceling all orders.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user copies these examples into a real connected app, button clicks could place trades or cancel open orders.
The reference includes code paths for placing orders and canceling all orders, which are high-impact trading actions, although they are disclosed and aligned with the SDK reference purpose.
submit(): Promise<void> ... actions.cancelAllOrders(options?): Promise<void> ... <button onClick={() => cancelAllOrders()}>Cancel All</button>
Use explicit confirmations, validation, testnet or sandbox environments, and scoped symbols/accounts before enabling real order placement or bulk cancellation.
A connected wallet/account could expose account identity and enable trading actions inside the application using the SDK.
The documentation shows wallet and account connection flows that use a user's account identity, which is expected for an Orderly trading SDK but still worth noting.
wallet.connect(): Promise<void> ... wallet.disconnect(): Promise<void> ... state.address: string | null
Connect only the intended wallet and network, clearly display account state, and avoid granting broader permissions than the app needs.
Installing unpinned packages can lead to different dependency versions being used over time.
The guide recommends installing external npm dependencies. This is normal for an SDK reference, but the example does not pin versions.
npm install @orderly.network/hooks @orderly.network/types
Verify the package source, use a lockfile, and pin or review dependency versions for production projects.
