NEXUS Orchestrator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is transparent about using a paid external AI service, but its automated paid/crypto payment flow lacks clear per-request approval or spending limits.
Install only if you trust NEXUS, are comfortable sending task content to its external AI service, and can enforce explicit approval and spending limits before any paid or crypto-backed request.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could incur charges or initiate blockchain/payment-backed API use while completing an orchestration task.
The skill walks the agent through a paid crypto/payment workflow, but the artifacts do not require explicit user confirmation, spending limits, or a sandbox default before making paid requests.
Price: $1.00/request ... Send payment to the `payTo` address for `maxAmountRequired` ... Retry with `X-PAYMENT` ... or `Authorization: Payment <credential>`
Only allow this skill to run with explicit per-request user approval and a clear spending cap; use `sandbox_test` for testing and avoid giving the agent wallet or payment authority unless intended.
Anyone with access to the configured payment proof may be able to use the paid NEXUS service under that proof.
The skill requires and transmits a payment proof credential to the NEXUS API. This is expected for the paid service, but it is still credentialed authority.
requires:\n env: [NEXUS_PAYMENT_PROOF] ... -H "X-Payment-Proof: $NEXUS_PAYMENT_PROOF"
Use a scoped or test payment proof where possible, rotate it if exposed, and do not configure broader wallet/private-key credentials for this skill.
Prompts, goals, and any sensitive content included in the request may be visible to NEXUS and its downstream model providers.
User task data is sent to an external orchestrator and server-side AI models. That is purpose-aligned, but it creates an external data-sharing boundary.
All data is sent to `https://ai-service-hub-15.emergent.host` over HTTPS/TLS ... uses LLM models (GPT-5.2, Claude Sonnet 4.5, GPT-4o) to process requests ... server-side
Do not submit confidential or regulated data unless you trust the provider and have reviewed its terms, retention policy, and downstream model handling.
