ClawHub

NEXUS Data Transform

v1.1.0

Convert data between formats (JSON, CSV, XML, YAML)

0· 341·0 current·0 all-time
by@cyberforexblockchain
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to convert between JSON/CSV/XML/YAML and its runtime instructions call a remote data-transform API to do exactly that. Requesting a payment proof credential (NEXUS_PAYMENT_PROOF) aligns with the described pay-per-request model; nothing in the manifest asks for unrelated cloud creds, binaries, or filesystem access.
Instruction Scope
SKILL.md instructs the agent to POST the user's input to https://ai-service-hub-15.emergent.host and to include payment headers or proofs. It does not ask for filesystem or shell access. This is within scope for a remote service wrapper, but it does explicitly transmit user input (and in some flows signed Stellar XDRs or payment identifiers) to an external host, which is a privacy/security consideration the user must accept.
Install Mechanism
No install spec or code is present (instruction-only), so nothing is written to disk or installed by the skill itself. This is low-risk from an install/remote-code perspective.
Credentials
Only one required env var is declared: NEXUS_PAYMENT_PROOF (the primary credential). That maps to the documented legacy header or Authorization header flows and is proportionate to a paid API. Treat the value as a sensitive secret because it authorizes payments/requests.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not modify other skills or system settings. Autonomous invocation is allowed (platform default), which is expected for skills.
Assessment
This skill appears to be a thin wrapper for a paid remote service — installing it will cause your agent to send whatever input you give it to ai-service-hub-15.emergent.host and to include the NEXUS_PAYMENT_PROOF credential in requests. Before installing: 1) Verify you trust the service domain and owner (no homepage provided here). 2) Do not place high‑value secrets or PHI in inputs sent to the service. 3) Use the sandbox test flow (X-Payment-Proof: sandbox_test) to try functionality first. 4) Store NEXUS_PAYMENT_PROOF in a secure, isolated environment variable and rotate it if compromised. If you cannot verify the provider or are uncomfortable sending data off‑host, do not install the skill.

Like a lobster shell, security has layers — review code before you run it.

aivk974vn31thykp6rp44bcvwbbcd84h0kbcardanovk974vn31thykp6rp44bcvwbbcd84h0kblatestvk974vn31thykp6rp44bcvwbbcd84h0kbstellarvk974vn31thykp6rp44bcvwbbcd84h0kbx402vk974vn31thykp6rp44bcvwbbcd84h0kb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvNEXUS_PAYMENT_PROOF
Primary envNEXUS_PAYMENT_PROOF

Comments