AINative React SDK

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only React SDK helper, with ordinary cautions around installing an external npm package and handling the AINative API key and chat data safely.

This skill appears safe as documentation for a React SDK. Before using it, confirm the npm package is legitimate and decide whether your AINative API key is safe to place in client-side React code; if not, use a backend proxy or other scoped-key approach.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the package will add third-party code to the user's React project.

Why it was flagged

The skill asks the user to install an external npm package, while the reviewed artifact set contains only documentation and no package source or lockfile. This is expected for an SDK helper, but it means package provenance should be checked separately.

Skill content
npm install @ainative/react-sdk
Recommendation

Verify the npm package name, publisher, version, and release history before installing or committing it to a project.

ASI03: Identity and Privilege Abuse
Low
What this means

An exposed or over-permissive API key could allow unwanted use of the user's AINative credits or account quota.

Why it was flagged

The SDK setup uses an AINative API key. This is purpose-aligned for chat and credit APIs, but the reviewed metadata does not declare a primary credential or environment variable requirement.

Skill content
<AINativeProvider config={{ apiKey: 'ak_your_key' }}>
Recommendation

Use the least-privileged key available, avoid committing real keys, and confirm whether the key is intended for client-side React use or should be kept behind a backend.

ASI07: Insecure Inter-Agent Communication
Low
What this means

User-entered chat content may leave the local React app and be handled by the provider.

Why it was flagged

The chat hook sends conversation messages through the SDK for completions. That is expected for an AI chat integration, but users should understand that chat content may be processed by the AINative service.

Skill content
`messages` | `Message[]` | Full conversation history
Recommendation

Avoid sending secrets or sensitive personal data unless the provider's privacy, retention, and data-use terms are acceptable.