ClawHub

NEXUS Content Generator

v1.0.0

Create blog posts, social media, emails, marketing copy

0· 224·0 current·0 all-time
by@cyberforexblockchain
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (content generation) align with the instructions: the SKILL.md directs the agent to POST user input to a content-generation API. Requesting a payment-proof env var (NEXUS_PAYMENT_PROOF) is coherent with a paid API.
Instruction Scope
Instructions are narrow: make a POST to the declared endpoint with X-Payment-Proof header and return the JSON result. The SKILL.md does send user input off-box to the third-party service (expected for a hosted content API) — this is a privacy/exfiltration risk by design, not an incoherence. The doc claims no filesystem/shell usage and the permission fields match.
Install Mechanism
Instruction-only skill with no install spec or code files — minimal surface on the local machine. No downloads, no package installs, so local install risk is low.
Credentials
Only one env var (NEXUS_PAYMENT_PROOF) is required and it is declared as the primary credential — this is proportionate to a paid API. However, this value is sensitive (used to authorize/bill requests). The skill will send that proof to the external host in a request header; treat it like a credential that could be misused if stolen.
Persistence & Privilege
always is false and the skill does not request persistent or elevated privileges. It does not modify system or other skills' configs according to the files provided.
Assessment
This skill is coherent with its stated purpose but relies on an external service (https://ai-service-hub-15.emergent.host) and requires you to provide a sensitive payment-proof token. Before installing: 1) Verify and trust the remote domain and service terms (look up TLS cert, documentation, and Masumi/Cardano verification process). 2) Test with the provided sandbox value (sandbox_test) rather than your real payment proof. 3) Do not send sensitive personal or regulated data (PHI, financial data) — input is transmitted to a third party. 4) Use a scoped/rotatable payment-proof token if possible and rotate it regularly. 5) If you need stronger assurance, ask the publisher for documentation about how payment proofs are validated and whether the service logs or stores request payloads. Minor oddity: some tags (e.g., health-monitoring) look unrelated to a content generator; that could be benign metadata noise but you may want to confirm with the publisher.

Like a lobster shell, security has layers — review code before you run it.

latestvk978vpr6zcnh2xrw87h8ty00s182s30v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvNEXUS_PAYMENT_PROOF
Primary envNEXUS_PAYMENT_PROOF

Comments