ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NEXUS Code Explain

v1.0.0

Explain code in plain language with complexity analysis

0· 202·0 current·0 all-time
by@cyberforexblockchain
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (code explanation + complexity analysis) match the runtime steps: the SKILL.md instructs the agent to POST user input to a dedicated code‑explain endpoint. Requesting a single payment proof (NEXUS_PAYMENT_PROOF) is coherent with the stated paid service.
Instruction Scope
Instructions only send the provided input to https://ai-service-hub-15.emergent.host and parse the JSON response. That behavior is within the stated purpose, but it means all code and queries are transmitted to an external service — a privacy/secret exposure concern for sensitive code.
Install Mechanism
No install spec and no code files are included (instruction-only skill). This minimizes local attack surface; nothing is written to disk by an installer.
Credentials
Only one environment variable (NEXUS_PAYMENT_PROOF) is required and it is used directly as an X-Payment-Proof header in the request. There are no unrelated credential or filesystem requirements.
Persistence & Privilege
always:false and default invocation behavior. The skill does not request persistent system privileges, filesystem or shell access, or modification of other skills' configs.
Assessment
This skill will send whatever you pass it (including source code) to a third-party endpoint (ai-service-hub-15.emergent.host) and requires a payment proof string in NEXUS_PAYMENT_PROOF. Before installing: (1) only use it with non-sensitive code or confirm you trust the NEXUS provider and their privacy policy; (2) test using X-Payment-Proof: sandbox_test first; (3) store the payment proof in a least-privilege location and rotate it if it is reused elsewhere; (4) if you need offline/local explanation of sensitive code, prefer a local skill or tool instead of this networked service.

Like a lobster shell, security has layers — review code before you run it.

latestvk975yvafqwgq6tnfc6x84qc00h82rtfn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvNEXUS_PAYMENT_PROOF
Primary envNEXUS_PAYMENT_PROOF

Comments