NEXUS Regex Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a disclosed paid external regex service, but its payment workflow could spend cryptocurrency without an explicit per-request approval or budget control in the skill instructions.

Install only if you trust NEXUS and are comfortable sending regex prompts to its API. Use the sandbox option first, and do not allow real crypto payments unless your agent requires explicit confirmation, validates the amount and recipient, and enforces a spending limit.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent automates this flow, it could incur per-request cryptocurrency charges without the user noticing each transaction.

Why it was flagged

The skill gives a workflow for making real blockchain payments for requests, but the artifacts do not specify an explicit user approval step, spending limit, or recipient verification before payment.

Skill content

Send payment to the `payTo` address for `maxAmountRequired` ... Create payment: Masumi escrow (Cardano) or direct Stellar transfer.

Recommendation

Use sandbox mode for testing and require explicit confirmation, amount checks, recipient checks, and a budget cap before any paid request.

What this means

Payment proof values may identify or authorize access to paid service requests.

Why it was flagged

The skill requires a payment proof credential and sends it to the NEXUS API as part of the paid service workflow. This is disclosed and purpose-aligned, but still sensitive.

Skill content

requires:
  env: [NEXUS_PAYMENT_PROOF] ... `X-Payment-Proof: <masumi_payment_id>`

Recommendation

Store the value as a secret, prefer the sandbox value for testing, and avoid sharing reusable payment proofs broadly.

What this means

Sensitive sample text included in regex prompts could leave the local environment.

Why it was flagged

The skill clearly discloses that user input is sent to an external AI service. This is expected for the remote regex generator, but users should treat submitted examples as shared with the provider.

Skill content

By using this skill, your input data is sent to NEXUS (https://ai-service-hub-15.emergent.host) for AI processing.

Recommendation

Do not send secrets, private records, credentials, or regulated data unless you trust the provider and its retention policy.

What this means

Users have less provenance information to confirm who controls the endpoint and payment flow.

Why it was flagged

The registry metadata does not provide a source repository or homepage, which makes independent verification harder for a paid network service.

Skill content

Source: unknown
Homepage: none

Recommendation

Verify the NEXUS domain and service documentation independently before using real payment credentials.