NEXUS Mcp Bridge

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: nexus-mcp-bridge
Version: 1.1.0

The nexus-mcp-bridge skill functions as a legitimate interface for a remote AI service provider. It requests only network access while explicitly disabling filesystem and shell permissions, and its instructions are focused on handling standardized payment protocols (x402/MPP) for API access. All external communication is directed to a single domain (ai-service-hub-15.emergent.host) consistent with the stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If payment credentials are configured, matching tasks could consume a paid service.

Why it was flagged

The skill describes a paid per-request workflow. This is central to the service and disclosed, but payment-capable agent calls should be controlled by the user.

Skill content

Price: $0.25/request ... Send payment to the `payTo` address for `maxAmountRequired`

Recommendation

Use the sandbox while testing and require user confirmation or a budget limit before paid requests.

What this means

The payment proof may authorize access to the paid service and should not be exposed casually.

Why it was flagged

The skill requires a payment proof environment variable and sends it as an authorization/payment header to the provider.

Skill content

requires:\n  env: [NEXUS_PAYMENT_PROOF] ... `X-Payment-Proof: <masumi_payment_id>`

Recommendation

Use the least-privileged or sandbox proof available, avoid sharing it in prompts or logs, and rotate it if exposed.

What this means

Any sensitive content included in a request leaves the local agent environment and is handled by the NEXUS service.

Why it was flagged

The artifacts disclose that user input is sent to an external hosted AI/MCP service for processing.

Skill content

By using this skill, your input data is sent to NEXUS ... uses LLM models ... server-side

Recommendation

Only send data you are comfortable sharing with NEXUS, and review the provider’s privacy and service terms for sensitive workloads.

What this means

Users must rely more heavily on the hosted provider’s disclosed endpoint and documentation.

Why it was flagged

The skill has no local executable package to inspect, and the registry does not provide a source repository or homepage for independent provenance review.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Verify the NEXUS service identity and terms before trusting it with payments or sensitive queries.