nlweb-setup
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows standard developer workflows for project initialization, including cloning a repository and managing local configuration.
- [EXTERNAL_DOWNLOADS]: Downloads project source code and documentation from GitHub (
github.com/nlweb-ai/NLWeb), which is a well-known service for software repositories. - [COMMAND_EXECUTION]: Utilizes common shell commands such as
git cloneandpip installfor setup, as well as the project's custom CLI tool (nlweb) for environment initialization and connectivity checks. - [CREDENTIALS_UNSAFE]: The skill lists common environment variable keys (e.g.,
OPENAI_API_KEY,AZURE_OPENAI_API_KEY) but correctly instructs the user to manage these in a gitignored.envfile, adhering to security best practices for credential management. - [DATA_EXFILTRATION]: Mentions that the server may ping
nlwm.azurewebsites.net(Azure) via the/whoendpoint for diagnostics. This targets a well-known cloud service and is documented as a feature that can be disabled for offline development.
Audit Metadata