Skill v1.1.0
ClawScan security
NEXUS Regex Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 9, 2026, 5:14 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to be a small wrapper that sends your text to a paid external Regex service (so it mostly does what it says), but a required payment environment variable and a few minor mismatches raise proportionality and trust questions you should review before installing.
- Guidance: This skill sends whatever you type to a third-party service (https://ai-service-hub-15.emergent.host) and expects a payment proof credential. If you plan to install it: (1) treat NEXUS_PAYMENT_PROOF as sensitive — only set it if you trust the provider and store it in a secure secret store, not in world-readable env files; (2) consider using the documented sandbox by passing X-Payment-Proof: sandbox_test for testing before providing real credentials; (3) prefer supplying payment proof per-request (header) rather than a persistent env var if possible; (4) review the provider's documentation/privacy policy and endpoint domain to confirm legitimacy; (5) be cautious enabling autonomous invocation if other skills or secrets are present — autonomous access plus network access can exfiltrate data. The skill is coherent with its stated paid-API behavior, but the mandatory env var and some unrelated tags are worth clarifying with the publisher before trusting it with secrets or sensitive inputs.
Review Dimensions
- Purpose & Capability (note): The skill's name/description (generate and explain regexes) matches the runtime instructions: the SKILL.md tells the agent to POST user input to an external NEXUS AI endpoint that returns regexes. The requested NEXUS_PAYMENT_PROOF env var is consistent with the documented paid API, but requiring a persistent env var for a per-request payment proof (when the docs also allow per-request headers and a free sandbox) is an unusual design choice.
- Instruction Scope (note): Instructions are narrowly scoped to making network requests to the documented endpoint and handling payment flows (x402 / MPP / legacy header). The skill explicitly requires network access and declares no filesystem/shell usage. It does send all user input to an external third-party service (expected for a hosted AI), which is the primary privacy/security impact to note. Minor mismatch: tags include 'health-monitoring', which is unrelated to regex generation.
- Install Mechanism (ok): Instruction-only skill with no install spec or code files; nothing is written to disk or downloaded during install, which is the lowest-risk install model.
- Credentials (concern): The skill requires one environment variable, NEXUS_PAYMENT_PROOF, declared as the primary credential. Requesting a payment proof credential for a paid remote API is plausible, but (a) the SKILL.md documents per-request headers and a sandbox mode, so making an env var mandatory is not clearly justified, and (b) the env var likely holds sensitive payment/credential data. Ask why a persistent env var is required instead of accepting per-request headers, and avoid storing secrets in broadly-readable agent env if you don't trust the provider.
- Persistence & Privilege (ok): always:false and no install-time scripts or modifications to other skills. The skill requests normal autonomous invocation (platform default) but does not request elevated or persistent platform privileges.
