Ainative React Sdk

v1.0.0

Use @ainative/react-sdk to add AI chat and credits to React apps. Use when (1) Installing @ainative/react-sdk, (2) Using the useChat hook for chat completion...

⭐ 0· 71·1 current·1 all-time

byToby Morning@urbantech

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

ℹ

Purpose & Capability

SKILL.md shows a React provider, useChat and useCredits hooks and usage examples that match the skill name/description. Minor inconsistencies: SKILL.md header says published npm v1.0.1 while registry metadata lists version 1.0.0; source and homepage are missing which makes provenance unclear but not contradictory to the documented functionality.

✓

Instruction Scope

Instructions are focused on installing and using the @ainative/react-sdk in a React app (provider config, hooks, env var examples). The runtime instructions do not ask the agent to read unrelated system files or exfiltrate data.

✓

Install Mechanism

This is an instruction-only skill that tells the user to run 'npm install @ainative/react-sdk'. There is no install spec that would download arbitrary archives or write code to disk beyond normal package installation.

ℹ

Credentials

SKILL.md demonstrates the SDK expects an API key (REACT_APP_AINATIVE_API_KEY / VITE_AINATIVE_API_KEY and a provider config apiKey). However, the skill's metadata lists no required env vars or primary credential. The SDK legitimately needs an API key for operation, so the metadata omission is a provenance/documentation gap rather than a functional impossibility.

✓

Persistence & Privilege

Skill is not flagged always:true and does not request persistent or elevated privileges. It's user-invocable and model invocation is enabled (normal for skills).

Assessment

This instruction-only skill appears to be what it claims (a React SDK for chat and credits), but do a quick provenance check before using it in production: 1) Verify the package on the npm registry (owner, package page, readme, and published version) and confirm the maintainer/trustworthiness since source/homepage are missing. 2) Confirm the correct published version (SKILL.md says 1.0.1 vs metadata 1.0.0). 3) Treat the API key (REACT_APP_AINATIVE_API_KEY / VITE_AINATIVE_API_KEY or provider apiKey) as sensitive: store it in secure env/config and avoid embedding it in client bundles. 4) Inspect the installed package contents (node_modules/@ainative/react-sdk) and its network calls to ensure it only talks to expected endpoints. If you cannot validate the package origin, avoid providing secrets to it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9731fssc0rgb12vvene4dz1gd83g3yh

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Ainative React Sdk

License

Comments