React Composition
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
If a user installs from the moving GitHub branch, they may not get exactly the same artifact that was reviewed here.
Why it was flagged
The README provides a user-directed install command that references a GitHub main-branch path rather than a pinned version or commit, so the fetched content could change over time.
Skill content
npx add https://github.com/wpank/ai/tree/main/skills/frontend/react-composition
Recommendation
Prefer the reviewed registry artifact or a pinned commit/version when installing, and verify the source before running install commands.