nlweb-setup

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows standard developer workflows for project initialization, including cloning a repository and managing local configuration.
  • [EXTERNAL_DOWNLOADS]: Downloads project source code and documentation from GitHub (github.com/nlweb-ai/NLWeb), which is a well-known service for software repositories.
  • [COMMAND_EXECUTION]: Utilizes common shell commands such as git clone and pip install for setup, as well as the project's custom CLI tool (nlweb) for environment initialization and connectivity checks.
  • [CREDENTIALS_UNSAFE]: The skill lists common environment variable keys (e.g., OPENAI_API_KEY, AZURE_OPENAI_API_KEY) but correctly instructs the user to manage these in a gitignored .env file, adhering to security best practices for credential management.
  • [DATA_EXFILTRATION]: Mentions that the server may ping nlwm.azurewebsites.net (Azure) via the /who endpoint for diagnostics. This targets a well-known cloud service and is documented as a feature that can be disabled for offline development.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:34 AM
Security Audit — agent-trust-hub — nlweb-setup