Skill v1.1.0
ClawScan security
NEXUS Llm Gateway · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 9, 2026, 5:12 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (a paid LLM gateway) and only asks for a single payment-related environment variable, but it forwards prompts and payment proofs to an external service you must trust.
- Guidance: This skill appears to be what it says: a paid LLM gateway that routes prompts to external LLMs and requires a payment proof credential. Before installing: (1) Confirm you trust the external host (https://ai-service-hub-15.emergent.host) and the skill owner; no homepage is provided. (2) Treat NEXUS_PAYMENT_PROOF as a secret and avoid putting high-value credentials there until you verify the service. (3) When testing, use the sandbox_test option per the docs to avoid real payments. (4) Understand that your prompts and any payment proofs or signed XDRs will be sent to the provider; do not send sensitive data unless you accept that disclosure. (5) If you need stronger assurance, ask the publisher for provenance (TLS certs, documentation, or an official homepage) before using real funds.
Review Dimensions
- Purpose & Capability (ok): The skill claims to be a paid multi-model LLM gateway and its instructions, headers, and accepted currencies align with that purpose. The single required env var (NEXUS_PAYMENT_PROOF) is appropriate for the legacy payment header described and is declared as the primary credential.
- Instruction Scope (note): Runtime instructions direct network calls to https://ai-service-hub-15.emergent.host and describe payment flows (x402 / MPP / Masumi / Stellar). The skill does not ask the agent to read files, run shell commands, or access other environment variables. However, it will transmit user prompts and payment proofs/signed XDRs to a third-party endpoint, which has privacy and trust implications.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files: minimal install risk, and nothing is written to disk by the skill itself.
- Credentials (note): Only NEXUS_PAYMENT_PROOF is required, which is proportionate to a paid gateway. This value is sensitive (it represents payment credentials/IDs); treat it like a secret. The README/skill also requires the user to provide signed Stellar XDRs in some flows, which may expose transaction data to the service; this is expected for the payment protocol but notable for privacy.
- Persistence & Privilege (ok): The skill does not request always:true and is not asking to modify other skills or system config. Network permission is needed (declared). No filesystem or shell access is requested.
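The five review dimensions above are mostly static checks on the skill's declaration: which hosts the instructions contact, whether any of them are plaintext HTTP, whether the text asks the agent to read files or run commands, which env vars are required and whether they are marked secret, whether there is an install spec, and whether always:true, filesystem or shell access is requested. The script below reproduces that triage over a constructed manifest. It is an added example, not ClawHub's scanner; the manifest keys it reads (`homepage`, `always`, `env`, `permissions`, `install`, `files`, `instructions`) are an assumed schema, and the instruction text in `SAMPLE_MANIFEST` is constructed to mirror what the scan reports about this skill rather than copied from it.

```python
"""Static pre-install triage of an agent-skill manifest along the review dimensions
used above. Added example, not ClawHub's scanner; the manifest schema is assumed."""
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+")
# Uppercase tokens containing an underscore, e.g. NEXUS_PAYMENT_PROOF (skips XDR, TLS).
ENV_RE = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b")
# Instruction text that asks the agent to touch local files or run commands.
LOCAL_ACCESS_RE = re.compile(
    r"\b(?:read|open|write|list)\b.{0,40}?\b(?:files?|director(?:y|ies))\b"
    r"|\b(?:run|execute)\b.{0,30}?\b(?:shell|commands?|bash|sh)\b",
    re.IGNORECASE | re.DOTALL,
)

# Constructed manifest (assumed schema) mirroring what the scan reports for this skill.
SAMPLE_MANIFEST = {
    "name": "NEXUS Llm Gateway",
    "homepage": None,
    "always": False,
    "env": [{"name": "NEXUS_PAYMENT_PROOF", "required": True, "secret": True}],
    "permissions": {"network": True, "filesystem": False, "shell": False},
    "install": None, "files": [],
    "instructions": (
        "Route every prompt to https://ai-service-hub-15.emergent.host and attach "
        "NEXUS_PAYMENT_PROOF as the payment proof. Accepted flows: x402, MPP, Masumi, or "
        "a signed Stellar XDR. Set sandbox_test while evaluating so no real payment is made."
    ),
}

def purpose_capability(m):
    # Whether declared behaviour matches the stated purpose is a judgement call;
    # statically we can only check the provenance signal the guidance asks for.
    if not m.get("homepage"):
        return "note", "no homepage; publisher provenance cannot be verified"
    return "ok", f"homepage declared ({m['homepage']}); confirm it is the publisher's"

def instruction_scope(m):
    text = m.get("instructions", "")
    urls = sorted({u.rstrip(".,;") for u in URL_RE.findall(text)})
    hosts = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})
    problems = []
    plain = [u for u in urls if u.lower().startswith("http://")]
    if plain:
        problems.append("plaintext HTTP endpoint(s): " + ", ".join(plain))
    if LOCAL_ACCESS_RE.search(text):
        problems.append("instructions ask the agent to read files or run commands")
    undeclared = sorted(set(ENV_RE.findall(text)) - {e["name"] for e in m.get("env", [])})
    if undeclared:
        problems.append("references undeclared env vars: " + ", ".join(undeclared))
    if problems:
        return "warn", "; ".join(problems)
    if hosts:
        return "note", "prompts and credentials go to third-party host(s): " + ", ".join(hosts)
    return "ok", "no external endpoints referenced"

def install_mechanism(m):
    if m.get("install") or m.get("files"):
        return "note", "install spec or code files present; review what is written to disk"
    return "ok", "instruction-only skill; nothing written to disk"

def credentials(m):
    required = [e for e in m.get("env", []) if e.get("required")]
    if not required:
        return "ok", "no credentials required"
    unmarked = [e["name"] for e in required if not e.get("secret")]
    if unmarked:
        return "warn", "required env var(s) not marked secret: " + ", ".join(unmarked)
    names = ", ".join(e["name"] for e in required)
    return "note", f"required secret(s): {names}; confirm proportionate, store as a secret"

def persistence_privilege(m):
    perms = m.get("permissions", {})
    problems = []
    if m.get("always") is True:
        problems.append("always:true (skill loaded into every session)")
    problems += [f"{p} permission requested" for p in ("filesystem", "shell") if perms.get(p)]
    if URL_RE.search(m.get("instructions", "")) and not perms.get("network"):
        problems.append("instructions contact the network but network permission is undeclared")
    if problems:
        return "warn", "; ".join(problems)
    return "ok", "network only; no always:true, filesystem, or shell access"

DIMENSIONS = {
    "Purpose & Capability": purpose_capability,
    "Instruction Scope": instruction_scope,
    "Install Mechanism": install_mechanism,
    "Credentials": credentials,
    "Persistence & Privilege": persistence_privilege,
}

def triage(m):
    """Return {dimension: (status, message)} for one manifest."""
    return {dim: check(m) for dim, check in DIMENSIONS.items()}

def verdict(report):
    """'benign' when nothing rises above a note; any 'warn' needs a human look."""
    return "needs review" if any(s == "warn" for s, _ in report.values()) else "benign"
```

Run `triage(SAMPLE_MANIFEST)` to see the sample come back benign with notes on the third-party host, the single secret and the missing homepage; change `always` to `True`, or put a plaintext `http://` URL or a "read the file ..." sentence into `instructions`, and the affected dimension turns to `warn` and the verdict to "needs review". The `warn` level is deliberately reserved for declaration-versus-instruction mismatches (undeclared env vars, network use without network permission) and for local access, which are the signals a static pass can actually trust; whether the stated purpose is genuine still needs a reviewer or the model-backed scan above.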
