ClawHub

Frontend Composition Patterns

v1.0.0

Build flexible React components using compound components, context providers, and explicit variants to avoid boolean prop proliferation and improve scalability.

0· 769·4 current·4 all-time
by@wpank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, files, and SKILL.md all describe React composition patterns and related guidance. There are no declared binaries, env vars, or unrelated dependencies that would be inconsistent with a documentation/reference skill. One minor note: the package metadata has no user-visible description/homepage even though SKILL.md claims a source ('Vercel Engineering'), which reduces provenance but doesn't indicate malicious intent.
Instruction Scope
SKILL.md contains only documentation and example code (React/TypeScript patterns). It does not instruct the agent to read local files, environment variables, or transmit data to external endpoints. It does include installation instructions (npx clawhub install, and README examples that copy files into local skill folders) — those are user-side commands, not runtime agent instructions. Be aware that running the provided npx commands would fetch remote code.
Install Mechanism
No install spec is embedded in the skill bundle; this is instruction-only. The README suggests installing via npx and copying files from a GitHub tree URL. Those are common for docs-style skills; they do imply fetching remote content if you run them, so inspect the remote repo before executing any npx commands.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate for a documentation/reference skill.
Persistence & Privilege
(always) is false and the skill does not request any elevated or persistent system privileges. There are no instructions that modify other skills or system-wide agent settings.
Assessment
This skill is documentation-only and appears coherent with its purpose. It does not request credentials or contain executable code in the bundle. Before installing or running any suggested npx commands, verify the remote repository and author (the SKILL.md mentions 'Vercel Engineering' but the package metadata lacks a homepage), and inspect the files you will fetch — npx and similar tools execute code from remote sources, so only run them against trusted origins. If you only want the guidance, you can read the included Markdown files without running installers.

Like a lobster shell, security has layers — review code before you run it.

latestvk97244t2bdsydfzj5fp9x3x2sd80xmwt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments