Scan Report
0 /100
neta-suggest
Neta API research and recommendation skill — provides keyword/tag/category suggestions, validates taxonomy paths, and powers multi-mode content feeds
This is a documentation-only skill that describes usage of the neta-cli CLI tool for content discovery and taxonomy navigation. No executable code, scripts, or dependencies are bundled.
Safe to install
No action needed. This skill is a pure documentation file with no executable components. Verify the neta-cli CLI tool independently before deployment if using it in a production environment.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file access in SKILL.md |
| Network | NONE | NONE | — | Only CLI tool invocation described; network calls occur in the external neta-cli… |
| Shell | NONE | NONE | — | Shell commands described are CLI invocations of neta-cli only |
| Environment | READ | NONE | ✓ Aligned | NETA_TOKEN environment variable is declared as a prerequisite, not accessed prog… |
| Skill Invoke | NONE | NONE | — | No skill invocation logic present |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
File Tree
1 files · 12.8 KB · 490 lines Markdown 1f · 490L
└─
SKILL.md
Markdown
Security Positives
✓ Skill is purely documentation — no executable code present
✓ No credential harvesting, file access, or network calls in the skill itself
✓ No obfuscation, base64, or hidden instructions detected
✓ No sensitive file paths referenced (~/.ssh, ~/.aws, .env, etc.)
✓ No curl|bash, wget|sh, or direct IP network requests
✓ No subprocess, eval, or arbitrary code execution patterns
✓ NETA_TOKEN is a standard API token used only for authentication, not exfiltrated
✓ The skill correctly scopes its capabilities to CLI tool usage documentation