NEXUS Error Explain

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a coherent paid error-explanation API, but it can trigger real crypto payments for automatically matched requests without clearly requiring per-request user approval or a spending limit.

Before installing, decide whether you trust NEXUS with your error text and payment proof. Prefer the sandbox mode for testing, redact secrets from logs, and require explicit approval plus a spending limit for any real paid request.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could spend real cryptocurrency or paid service credits if it invokes this skill repeatedly or unexpectedly.

Why it was flagged

The skill instructs the agent to perform paid payment-flow actions for each request, but the artifacts do not specify per-request user confirmation, a spending cap, or rate limiting.

Skill content

Price: $0.15/request ... Send payment to the `payTo` address for `maxAmountRequired`

Recommendation

Use only with explicit user approval for each paid call, a sandbox proof for testing, and a strict spending limit or payment wallet isolation.

What this means

Routine error-explanation tasks could create unexpected charges if automatic matching triggers the paid service.

Why it was flagged

Automatic invocation increases the risk of unreviewed paid API calls because the payment instructions are part of the normal workflow.

Skill content

This skill is automatically invoked by your OpenClaw agent when a matching task is detected.

Recommendation

Disable automatic invocation for paid use cases or configure the agent to ask before every NEXUS request.

What this means

Anyone or any agent process with access to the payment proof may be able to make paid NEXUS requests under that proof.

Why it was flagged

The skill requires a payment proof credential to access the API. This is expected for the paid service, but it is still sensitive authorization material.

Skill content

requires:
  env: [NEXUS_PAYMENT_PROOF]

Recommendation

Use a limited-purpose proof or sandbox value when possible, and avoid exposing payment credentials to unrelated skills or agents.

What this means

Sensitive log output, stack traces, tokens, or proprietary details included in an error message may be sent to the provider.

Why it was flagged

The skill clearly discloses that user input is sent to an external AI provider, which is purpose-aligned but relevant for privacy because error messages may contain secrets or internal system details.

Skill content

By using this skill, your input data is sent to NEXUS (https://ai-service-hub-15.emergent.host) for AI processing.

Recommendation

Review and redact sensitive error text before use, and install only if you trust the NEXUS service.