emblem-ai-react
React integration skill for EmblemAI's one-shot user management. Use when the user wants to add website authentication plus wallet-enabled users to a React app with EmblemAuthProvider, ConnectButton, social/email/wallet login, chat components, React auth hooks, React composition patterns, or Migrate.fun React hooks.
73
66%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/emblem-ai-react/SKILL.mdSecurity
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). HustleProvider is wired to a runtime backend via hustleApiUrl (import.meta.env.VITE_HUSTLE_API_URL) — e.g. the example base URL https://emblemvault.dev — and the docs explicitly state that this endpoint is used for prompt and tool orchestration, meaning remote content at that URL can directly control prompts at runtime.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill explicitly supports "wallet-enabled users", "users can sign in with wallets", React hooks and UI components that expose "vault, and wallet state", and mentions "signing" and a related "emblem-ai-agent-wallet" skill for wallet workflows. These are specific crypto/wallet capabilities (wallet auth, signing, and wallet state management), which fall under the Crypto/Blockchain category in the rules and can enable transaction signing or wallet-based financial actions.
- Repository
- EmblemCompany/Agent-skills
- Commit
2e138ef
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.