Skill v1.1.0

ClawScan security

NEXUS Changelog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 9, 2026, 5:08 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is an instruction-only connector to an external paid NEXUS AI service and its requirements and instructions are broadly consistent with that purpose, though there are a few minor mismatches and trust decisions you should consider before installing.
Guidance
This skill is an instruction-only bridge to a paid external service (ai-service-hub-15.emergent.host). Before installing: (1) Confirm you are willing to send your changelog text (and any sensitive content) to that external host over the network. (2) Understand NEXUS_PAYMENT_PROOF is a sensitive value that the skill will place in request headers — don't reuse unrelated secrets in that variable. (3) The skill will not read your local git repo automatically (filesystem access is disabled); you must provide commit text or diffs as input. (4) Use the provided sandbox token (sandbox_test) for trial runs rather than your real payment credential. (5) Only proceed if you trust the external provider and their payment flows; if you need an offline/local changelog generator, look for a skill that explicitly allows filesystem access or runs locally.

Review Dimensions

Purpose & Capability
note: The name/description claim 'Generate changelogs from git commits or descriptions' is consistent with a remote API that accepts input text. However the skill explicitly disallows filesystem access and provides no mechanism to read a local git repository automatically — the user must supply commit data/text. Requiring a payment-proof environment variable is coherent for a paid external service, though it may surprise users who expected an offline/local changelog generator.
Instruction Scope
ok: SKILL.md only instructs the agent to call the external API (ai-service-hub-15.emergent.host) using standard HTTP headers and payment flows. It does not instruct reading unrelated files, shell commands, or other environment variables beyond the declared NEXUS_PAYMENT_PROOF. The skill declares network permission and denies filesystem/shell access, which matches the instructions.
Install Mechanism
ok: No install spec and no code files — this is instruction-only. Nothing is written to disk and there are no downloads or third-party packages, which is the lowest-risk install mechanism.
Credentials
note: Only one env var is required: NEXUS_PAYMENT_PROOF (declared as primary credential). That is proportionate for accessing a paid remote API. However this single env var is sensitive and will be sent to the external host as a payment header; users should understand what value is stored there and avoid putting unrelated secrets in it.
Persistence & Privilege
ok: 'always' is false and the skill does not request persistent or system-wide privileges. It does not modify other skills or system config. Autonomous invocation is allowed (platform default), which is expected for skills.