NEXUS Document Extract

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent paid document-extraction API skill, but it deserves review because it can guide paid crypto-backed requests and sends document text to an external NEXUS service.

Before installing, decide whether you trust NEXUS with the document text and payment proof. Prefer sandbox testing first, require manual approval for paid calls, and set a clear spending limit for any crypto or paid-service use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent follows this workflow automatically or repeatedly, the user could incur charges or send crypto payments unintentionally.

Why it was flagged

The skill documents a paid transfer as part of the workflow. This is disclosed and purpose-related, but the artifacts do not specify a confirm-before-pay control, budget limit, or containment for repeated paid invocations.

Skill content

Price: $0.30/request ... 5. Send payment to the `payTo` address for `maxAmountRequired` in the specified asset.

Recommendation

Require explicit user approval before each paid request, use the sandbox or a narrowly scoped payment proof by default, and set a per-session spending limit.

What this means

Anyone or any agent with access to the payment proof may be able to authorize or associate paid service requests.

Why it was flagged

The skill requires a payment proof credential and sends it to the NEXUS service as an authorization/payment header. This is expected for the paid provider flow, but it is credential-like authority.

Skill content

requires: env: [NEXUS_PAYMENT_PROOF] ... `X-Payment-Proof: <masumi_payment_id>`

Recommendation

Use a limited or sandbox payment proof where possible, avoid storing wallet secrets as this variable, and rotate or revoke the proof if exposed.

What this means

Sensitive document text may be processed by the external provider and its server-side AI models.

Why it was flagged

The skill clearly discloses that user input is sent to an external NEXUS-hosted AI service. This is aligned with the purpose, but private document contents leave the local agent.

Skill content

All data is sent to `https://ai-service-hub-15.emergent.host` over HTTPS/TLS. ... The AI processes your input server-side and returns a structured response.

Recommendation

Only use the skill with documents you are comfortable sending to NEXUS, and redact confidential or regulated data unless the provider’s terms meet your needs.