NEXUS Content Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a disclosed paid content-generation API, but it includes crypto payment flows without clear per-request approval or budget controls.

Install only if you trust NEXUS as a paid external AI provider. Before enabling it, use sandbox mode where possible, require explicit approval for each paid request, set a spending cap, and avoid sending sensitive business or personal data unless you accept the provider’s privacy terms.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent has access to payment tooling or credentials, using the skill could incur real charges or crypto transfers.

Why it was flagged

The documented workflow includes initiating crypto/stablecoin payment for each request, but the artifacts do not define explicit user approval, budget caps, or rollback controls.

Skill content

Price: $0.40/request ... Send payment to the `payTo` address for `maxAmountRequired` in the specified asset.

Recommendation

Require explicit user confirmation for every paid request, prefer the sandbox for testing, and configure a strict spend limit before enabling automatic use.

What this means

A payment proof may authorize service usage or reveal payment-related information to the provider.

Why it was flagged

The skill requires a payment-proof credential and sends it to the NEXUS API; this is expected for the paid service, but it is still sensitive authorization material.

Skill content

requires:\n  env: [NEXUS_PAYMENT_PROOF] ... `X-Payment-Proof: <masumi_payment_id>`

Recommendation

Use a limited-purpose payment proof, avoid storing wallet secrets in this variable, and rotate or remove it when no longer needed.

What this means

Prompts, drafts, or business information entered into the skill leave the local environment and are processed by NEXUS.

Why it was flagged

The skill clearly discloses that user input is sent to an external AI provider; this is purpose-aligned but matters for confidential content.

Skill content

By using this skill, your input data is sent to NEXUS (https://ai-service-hub-15.emergent.host) for AI processing.

Recommendation

Do not send confidential or regulated data unless you trust NEXUS and its retention/privacy terms.

What this means

It may be harder to independently verify who operates the service and whether the endpoint is the intended provider.

Why it was flagged

The registry metadata does not provide a source repository or homepage, so users have less provenance information for a skill that depends on a remote paid API.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the NEXUS domain and service terms out of band before providing payment credentials or sensitive prompts.