Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenNexum

v2.1.4

Contract-driven multi-agent orchestration with ACP. Contract sync, webhook + dispatch-queue dual dispatch, cross-review, auto-retry, batch progress tracking.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (contract-driven multi-agent orchestration) matches the repository contents (CLI, core, spawn, prompts, notify packages). The included commands, dispatch queue, webhook flow, and ACP runtime references are coherent with the stated purpose. No unrelated cloud credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md + code instruct the agent/CLI to read and write project files (AGENTS.md, nexum/* runtime files), build prompts, and interact with git (read last commit; commit/push is part of the documented workflow). The skill expects the generator/evaluator to run git add/commit/push as part of normal flow (see COMMIT-CONVENTION and retry prompt). This is consistent with the orchestration purpose but elevates risk when run against sensitive repos because it encourages automatic commits and pushes.
Install Mechanism
No install spec in registry metadata; the SKILL.md expects Node >=20, pnpm, and openclaw. The repository is a pnpm monorepo with no remote download/install steps in the registry manifest. No arbitrary URL downloads or archive extraction were found.
Credentials
No required environment variables or credentials are declared. SKILL.md references OpenClaw webhook token locations (~/.openclaw/openclaw.json and OPENCLAW_HOOKS_TOKEN) and `nexum/config.json`, which is appropriate for webhook/notify functionality. There are no demands for unrelated secrets (AWS, SSH keys, cloud tokens) in the manifest. Still: the skill will operate using local git remotes if configured (git push is part of the workflow), so repository remotes and credentials can cause network activity.
Persistence & Privilege
always:false (normal). The CLI writes/updates files inside the project (AGENTS.md, nexum/ runtime files, generated prompt files) and manages a project-level session counter and dispatch-queue. It does not claim system-wide privileges or modify other skills. Because it encourages/assumes automatic git commits and pushes, it effectively has the ability to change remote repositories (subject to the user's git credentials).
Assessment
This skill appears to be what it says: a repo-local CLI for coordinating generator/evaluator ACP sessions. Before installing or running it, consider the following:
- Run in a sandbox or non-production repository first. The workflow expects and documents automatic git add/commit/push actions by generators; if you run this in a repo with a configured remote, agents could push changes upstream. Prefer repos where automatic pushes are acceptable or disable automatic push in your workflow.
- Inspect prompt templates (packages/prompts/templates and renderRetryPrompt output) to ensure they don't instruct unapproved external actions. The generator prompts determine what the AI will do (including commands to run).
- Check your OpenClaw webhook configuration (nexum/config.json and ~/.openclaw/openclaw.json). Ensure webhook gatewayUrl and tokens point to endpoints you control; do not expose production webhook tokens unintentionally.
- The CLI reads/writes project files (AGENTS.md, nexum/*). Back up important state before first run.
- If you want to reduce blast radius, run the CLI with limited git credentials (or no remote), or avoid enabling autonomous agents that perform pushes.
If you want, I can point out the specific files and lines that implement git operations, webhook dispatch, and prompt rendering so you can review them in more detail.
packages/core/src/git.ts:66: Shell command execution detected (child_process).
packages/spawn/src/status.ts:19: Dynamic code execution detected.
packages/cli/src/lib/webhook.ts:13: Environment variable access combined with network send.
packages/cli/src/lib/webhook.ts:1: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.
