Latest release: v1.0.0Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The manifest, package metadata, and visible skill files consistently describe an NLWeb expert/documentation skill for /ask, MCP, auth, data loading, and deployment; the visible artifacts do not show hidden exfiltration or unrelated behavior.
Instruction Scope
The instructions repeatedly tell the agent to fetch live NLWeb documentation before coding. This is disclosed and purpose-aligned, but users should expect network lookups when the skill is used.
Install Mechanism
There is no install spec, no required binaries, and no required environment variables. The bundle includes scripts/check_secrets.py described as a PostToolUse hook, but no provided manifest installs it; its visible logic only scans local Write/Edit content for hardcoded secrets and emits a warning.
Credentials
The skill includes user-directed examples for Python, npm, data loading, OAuth, and cloud deployment. These are expected for NLWeb setup, but should be run only in the intended project and environment.
Persistence & Privilege
The skill documents session storage, conversation persistence, vector stores, and tenant isolation. This is purpose-aligned guidance rather than evidence that the skill itself persists data, but users should configure retention and access controls carefully.
Assessment
This looks safe to use as an NLWeb reference skill. Expect it to suggest browsing official docs and running setup/deployment commands; review commands before execution, keep credentials in environment variables or a secret manager, and configure auth, tenant isolation, endpoint exposure, and conversation retention deliberately. This assessment is limited to the artifacts shown, since some listed files were omitted or truncated in the provided prompt.