NEXUS Research

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a disclosed paid external research API, but it may let the agent incur paid crypto/API requests without clear per-request approval or spending limits.

Install only if you trust NEXUS and are comfortable sending research prompts to its hosted API. Use sandbox mode first, protect NEXUS_PAYMENT_PROOF, and configure your agent to ask before any paid request or cryptocurrency transaction.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could unintentionally incur charges if it repeatedly matches research tasks and follows the payment workflow.

Why it was flagged

The skill can be invoked automatically for matching tasks while each request is paid, and the artifacts do not require explicit user confirmation, budget limits, or a spending stop condition before paid use.

Skill content

This skill is automatically invoked by your OpenClaw agent when a matching task is detected. ... Pricing ... $0.50 per request

Recommendation

Require explicit user approval before each paid request, set a spending cap, and prefer the sandbox mode until the payment flow is verified.

What this means

Anyone or any agent with access to this environment variable may be able to use the associated payment proof for this service.

Why it was flagged

The skill requires and sends a payment proof credential to the NEXUS service; this is purpose-aligned for a paid API, but it is still financial authorization material.

Skill content

requires:
  env: [NEXUS_PAYMENT_PROOF] ... X-Payment-Proof: <masumi_payment_id>

Recommendation

Store the payment proof securely, avoid sharing it across unrelated tasks, and rotate or replace it if exposed.

What this means

Research prompts may contain private or sensitive information that will be processed by the external provider.

Why it was flagged

The skill discloses that user queries are sent to an external AI service and uses agent/payment protocols; this is expected for the service, but users should understand the data leaves their local agent.

Skill content

protocols:
  - masumi
  - mpp
  - a2a ... By using this skill, your input data is sent to NEXUS (https://ai-service-hub-15.emergent.host) for AI processing.

Recommendation

Avoid sending sensitive data unless you trust the provider and have reviewed its retention and privacy terms.