privacy-parser-pii-extraction

SUSPICIOUS. The core functionality matches the stated purpose, and there is no clear credential theft or exfiltration path, but install trust is weak: the publisher/source relationship is inconsistent, the code is installed from a personal GitHub repo, and the large model checkpoint download is undocumented and unverifiable. Main concern is supply-chain risk, not confirmed malware.