Skill v1.1.0

ClawScan security

NEXUS Code Explain · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 9, 2026, 5:08 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (calling a paid third‑party API and requiring a payment-proof environment variable) is consistent with its description, but the package has no provenance or homepage and will transmit your inputs and payment proof to an external service — proceed only if you trust that provider.
Guidance
This skill forwards whatever code and text you send to a third-party service (ai-service-hub-15.emergent.host) and requires an environment value named NEXUS_PAYMENT_PROOF to pay for requests. Before installing: (1) confirm you trust the NEXUS provider and the emergent.host domain (there is no homepage or clear author provenance in the package), (2) do not store private keys or wallet secret material in NEXUS_PAYMENT_PROOF — it should be a payment proof/credential, not a private key, (3) test using the documented sandbox value (sandbox_test) first to confirm behavior, (4) be aware that your source code and any included secrets will be transmitted to the external service, and (5) review the provider's documentation and privacy/terms pages before making real payments. If you cannot verify the provider or are unsure what the env var contains, avoid installing or use only sandbox mode.
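Guidance items (2) and (3) are checkable before the skill ever runs. The following is an added pre-install guard, not part of the ClawScan output, the skill, or the NEXUS provider's code. It reads NEXUS_PAYMENT_PROOF from the environment and refuses to proceed when the value is recognisable wallet secret material. The Stellar check is exact rather than a regex: a Stellar secret seed is StrKey-encoded (version byte 0x90, 32-byte seed, CRC-16/XMODEM appended little-endian, all base32), so a value that decodes with a valid checksum and the seed version byte is a private key, while a "G..." public key passes. The PEM pattern is a heuristic, the sandbox value `sandbox_test` comes from the guidance above, and the function name `check_payment_proof` and the "ok"/"sandbox"/"secret_material"/"missing" statuses are this example's own. The page does not describe the real x402/MPP proof format, so "ok" means only "not recognised as key material", not "verified payment proof".

```python
"""Pre-install guard for NEXUS_PAYMENT_PROOF (added example, not the skill's code)."""
import base64
import binascii
import os
import re

# Stellar StrKey version bytes: secret seeds encode to 56-char strings that
# start with "S", public keys to strings that start with "G".
STELLAR_SECRET_SEED = 18 << 3   # 0x90 -> "S..."
STELLAR_PUBLIC_KEY = 6 << 3     # 0x30 -> "G..."
SANDBOX_VALUE = "sandbox_test"  # documented sandbox value from the scan guidance

PEM_PRIVATE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")  # heuristic


def crc16_xmodem(data: bytes) -> int:
    """CRC-16/XMODEM (poly 0x1021, init 0), the checksum StrKey appends."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ 0x1021) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def encode_strkey(version_byte: int, payload: bytes) -> str:
    """Build a StrKey string; used here only to construct test material."""
    data = bytes([version_byte]) + payload
    checksum = crc16_xmodem(data).to_bytes(2, "little")
    return base64.b32encode(data + checksum).decode("ascii")


def decode_strkey(value: str):
    """Return (version_byte, payload) for a well-formed StrKey, else None."""
    # 1 version byte + 32 payload bytes + 2 checksum bytes = 35 bytes = 56 base32 chars
    if len(value) != 56 or not re.fullmatch(r"[A-Z2-7]+", value):
        return None
    try:
        raw = base64.b32decode(value)
    except (binascii.Error, ValueError):
        return None
    if len(raw) != 35:
        return None
    data, checksum = raw[:-2], raw[-2:]
    if crc16_xmodem(data).to_bytes(2, "little") != checksum:
        return None
    return data[0], data[1:]


def is_stellar_secret_seed(value: str) -> bool:
    """True only for a checksum-valid StrKey carrying the secret-seed version byte."""
    decoded = decode_strkey(value.strip())
    return decoded is not None and decoded[0] == STELLAR_SECRET_SEED


def check_payment_proof(env) -> dict:
    """Classify NEXUS_PAYMENT_PROOF before the skill gets a chance to transmit it."""
    value = env.get("NEXUS_PAYMENT_PROOF")
    if value is None or not value.strip():
        return {"status": "missing", "reason": "NEXUS_PAYMENT_PROOF is not set"}
    value = value.strip()
    if value == SANDBOX_VALUE:
        return {"status": "sandbox", "reason": "documented sandbox value; no real payment is made"}
    if is_stellar_secret_seed(value):
        return {"status": "secret_material",
                "reason": "value is a Stellar secret seed (S...); never send this to a third party"}
    if PEM_PRIVATE.search(value):
        return {"status": "secret_material", "reason": "value contains a PEM private key block"}
    return {"status": "ok",
            "reason": "not recognised as key material; still confirm it is a payment proof"}


if __name__ == "__main__":
    verdict = check_payment_proof(os.environ)
    print(f"{verdict['status']}: {verdict['reason']}")
    raise SystemExit(0 if verdict["status"] in ("ok", "sandbox") else 1)
```

Run it in the shell that will launch the agent; a non-zero exit means the variable is either unset or holds something that must not leave the machine. Start with NEXUS_PAYMENT_PROOF=sandbox_test to exercise the skill end to end, and only then switch to a real proof value.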

Review Dimensions

Purpose & Capability
ok
The skill is an instruction-only wrapper that forwards code and a query to a paid NEXUS AI endpoint; requesting a payment proof credential (NEXUS_PAYMENT_PROOF) is coherent with the documented x402/MPP payment flows and the stated $0.05/request pricing.
Instruction Scope
note
SKILL.md instructs the agent to POST user input and payment headers to https://ai-service-hub-15.emergent.host and to optionally POST signed Stellar XDR to a sponsor endpoint. It does not request filesystem or shell access, but it does transmit user-provided code and payment proofs to the third party — this is expected for a remote API but is a privacy consideration.
Install Mechanism
ok
No install spec or code files are included (instruction-only), so nothing is written to disk by the skill itself. This minimizes install-time risk.
Credentials
note
The only required environment variable is NEXUS_PAYMENT_PROOF (declared as the primary credential), which matches the documented requirement to include payment proofs/credentials. However, the skill will send this value to the external service; ensure you understand what the variable contains (it should be a payment proof/credential, not a private key) and trust the recipient.
Persistence & Privilege
ok
The skill is not always-enabled and does not request elevated persistence or modifications to other skills or system settings. Autonomous invocation (disable-model-invocation=false) is allowed but is the platform default and not in itself a red flag here.