Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NEXUS Log Analyzer

v1.0.1

Feed in server logs, application logs, or system logs and get pattern analysis, anomaly detection, error clustering, and actionable incident summaries.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (log analysis) align with the instructions to POST logs to an external log-analysis API, and the single declared env var (NEXUS_PAYMENT_PROOF) plausibly corresponds to a payment header. However, the package has no source/homepage listed and the registry owner is opaque, so the provenance of the service is unclear.
Instruction Scope
SKILL.md explicitly instructs sending provided logs to https://ai-service-hub-15.emergent.host with an X-Payment-Proof header. It does not request filesystem, shell, or other env access. This is coherent for a networked log-analysis skill, but it transmits arbitrary user data off‑host — a significant privacy risk that the documentation claims is mitigated by in‑memory processing (an unverifiable assertion).
Install Mechanism
Instruction-only skill with no install spec and no bundled code — lowest install risk. Nothing will be written to disk by an installer, but runtime network activity is required.
Credentials
Only one env var (NEXUS_PAYMENT_PROOF) is required and declared as the primary credential, which is proportionate for a pay-per-request API. Confirm what this value is (token vs. private key) and how it must be protected; the SKILL.md examples reference a sandbox token and a Masumi/Cardano payment id but do not fully document storage/rotation.
Persistence & Privilege
Does not request always:true or elevated platform privileges. Agent can invoke it normally; it does not request filesystem or shell access and does not attempt to persist configuration beyond using a payment proof header.
What to consider before installing
This skill is coherent for a hosted log-analysis service, but before installing:
1) verify the provider and endpoint (ai-service-hub-15.emergent.host) and review its privacy/terms;
2) do not send real sensitive logs until you trust the service — test with sanitized or synthetic logs and the sandbox token (sandbox_test);
3) confirm what NEXUS_PAYMENT_PROOF actually is and store it securely (treat it like a secret);
4) understand pricing and Cardano/Masumi payment flow before enabling in production;
5) if you need guarantees about retention or compliance, get them in writing — the SKILL.md claim of no permanent storage is not verifiable from an instruction-only bundle.
If you want higher assurance, request source/homepage or a trustworthy published provider and prefer skills with transparent provenance.

Runtime requirements

Clawdis
Env: NEXUS_PAYMENT_PROOF
Primary env: NEXUS_PAYMENT_PROOF
