Safety Report

Nlp

Name: Nlp
Author: xueyetianya

NLP toolkit for text analysis including sentiment detection, keyword extraction, language detection, summarization, tokenization, and entity recognition.

45Downloads

0Installs

0Stars

3Versions

API Integration4,971 Translation & i18n1,457 Web Scraping958

Security Analysis

high confidence

Suspicious0.12 risk

The package is internally consistent and low-risk (no network calls or credential requests) but the README claims full NLP functionality and an NLP_DIR env var while the shipped script only echoes/logs inputs (no real NLP) and uses XDG_DATA_HOME — this mismatch is misleading and worth caution.

Mar 15, 20262 files3 concerns

Purpose & Capabilitynote

The skill's name/description promise NLP capabilities (sentiment, keywords, summarization, entity recognition). The included script exposes commands with those names but contains no real NLP implementation: it merely prints 'Processing', echoes inputs, and appends the raw input to per-command log files. This is misleading if a user expects actual analysis.

Instruction Scopenote

SKILL.md instructs running the 'nlp' CLI and redirecting output; the script implements those commands and only writes local logs. There are no network calls, no reading of unrelated system files, and no exfiltration. However SKILL.md mentions an NLP_DIR env var to change the data directory, but the script ignores NLP_DIR and uses XDG_DATA_HOME/HOME instead — an instruction/scope mismatch.

Install Mechanismok

No install spec is provided (instruction-only), and the included script is a plain shell script. No external downloads, package installs, or extract operations are present.

Credentialsnote

The skill declares no required env vars or credentials (correct). However SKILL.md references NLP_DIR as a configurable env var while the script actually respects XDG_DATA_HOME or falls back to HOME — the mismatch could cause confusion. The script will create and write logs under ~/.local/share/nlp by default, which means any input you send will be persisted locally.

Persistence & Privilegeok

always is false and the skill does not request elevated privileges or modify other skills or system-wide configs. Its only persistent effect is creating a data directory and appending log files there.

Guidance

This skill is low-risk in that it has no network calls or credential requests, but it is misleading: the code does not perform real NLP — it just echoes inputs and appends them to log files in ~/.local/share/nlp (or $XDG_DATA_HOME/nlp). If you plan to send sensitive text, be aware it will be written to disk. Also note SKILL.md mentions NLP_DIR but the script ignores it; consider asking the publisher for clarification or reviewing/updating the script before use. If you expect actual NLP processing, use a different, proven implementation or extend the script yourself. Lastly, confirm whether the agent will execute this script in an environment where writing logs is acceptable.

Latest Release

v1.0.2

Standards compliance: unique content, no template text

More by @xueyetianya

Gpt

0 stars

Campaign

0 stars

Orders

0 stars

Changelog

0 stars

Trend

0 stars

Passgen

0 stars

Published by @xueyetianya on ClawHub