Augmented Entity

Pending: static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users have less assurance about where the packaged frontend bundle came from.

Why it was flagged

The skill's provenance is not clearly identified, which limits a user's ability to verify the origin of the bundled app before running local setup commands.

Skill content

Source: unknown; Homepage: none

Recommendation

Install or run it only in a trusted workspace, and verify the package source and dependency files before executing npm commands.

What this means

Running the documented commands may execute local Node tooling and dependency lifecycle scripts.

Why it was flagged

These are local command-execution setup steps. They are user-directed and proportionate for a React/Vite web application, but they can execute package scripts if a package manifest is supplied.

Skill content

npm install
npm run dev
npm run build

Recommendation

Review package files and run the commands in an isolated project directory rather than a sensitive workspace.