Skill v1.1.0

ClawScan security

NEXUS Sql Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 9, 2026, 5:15 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (building SQL) matches its runtime instructions, but it requires a payment proof credential and sends your queries to an external service — the origin is unknown and the payment credential is sensitive, so proceed with caution.
Guidance
This skill is essentially a thin client that forwards your input to a remote paid API and requires a payment credential. Before installing:
(1) Verify that you trust the service owner and the domain; no homepage or reputable owner information is provided here.
(2) Do not send sensitive production schemas, credentials, or PII to the service; redact them or test on sanitized examples.
(3) Prefer the documented sandbox mode (X-Payment-Proof: sandbox_test) to validate behavior before supplying a real payment credential.
(4) Treat NEXUS_PAYMENT_PROOF as a secret: keep it out of shell profiles and other global or long-lived environment variables, and rotate it if it is exposed.
(5) Review the sponsor endpoints and payment flows (Cardano/Masumi, Stellar) with your wallet tooling so that you are not inadvertently signing or forwarding private keys; the skill expects you to POST already-signed XDRs, not raw private keys.
(6) If you need stronger assurances, request source or vendor documentation and a verifiable homepage or contact before trusting the service with production data or funds.
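As an added example (it is not part of the ClawHub scan output or of the NEXUS skill itself), the following Python pre-flight wrapper applies guidance points (2) to (5) before anything leaves the host: it defaults to the sandbox proof, reads NEXUS_PAYMENT_PROOF only at call time, redacts e-mail addresses, credential assignments and quoted SQL literals from the prompt, and refuses to build a POST that carries a Stellar secret seed (StrKey form: "S" followed by 55 base32 characters) for either the generation or the sponsor endpoint. The host is the one named in the scan; the request body shapes ({"prompt": ...} and {"xdr": ...}) and the paths /generate and /sponsor are assumptions, since the page documents only the host and the headers. The wrapper builds the request but never sends it, so it runs offline.

```python
import json
import os
import re

NEXUS_HOST = "https://ai-service-hub-15.emergent.host"   # endpoint named in the scan
SANDBOX_PROOF = "sandbox_test"                            # documented sandbox value
GENERATE_PATH = "/generate"                               # assumption: path is not on the page
SPONSOR_PATH = "/sponsor"                                 # assumption: path is not on the page

# Stellar secret seeds are StrKey-encoded: 56 base32 characters beginning with 'S'.
# A signed transaction envelope is base64 XDR and never matches this shape.
STELLAR_SEED_RE = re.compile(r"\bS[A-Z2-7]{55}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
SECRET_ASSIGN_RE = re.compile(
    r"(?i)\b(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*\S+"
)
STRING_LITERAL_RE = re.compile(r"'(?:[^'\\]|\\.)*'")


def redact_query_text(text: str) -> str:
    """Remove what the scan says not to send: e-mail addresses, credential
    assignments and quoted SQL literals. Table and column names survive so the
    service can still work out the query shape."""
    text = EMAIL_RE.sub("<email>", text)
    text = SECRET_ASSIGN_RE.sub(lambda m: f"{m.group(1)}=<redacted>", text)
    return STRING_LITERAL_RE.sub("'<literal>'", text)


def contains_stellar_seed(payload: str) -> bool:
    """True if the payload carries something shaped like a Stellar secret seed."""
    return STELLAR_SEED_RE.search(payload) is not None


def payment_proof(sandbox: bool) -> str:
    """Resolve the credential at call time instead of baking it into config."""
    if sandbox:
        return SANDBOX_PROOF
    proof = os.environ.get("NEXUS_PAYMENT_PROOF")
    if not proof:
        raise RuntimeError("NEXUS_PAYMENT_PROOF is not set; pass sandbox=True to test")
    return proof


def build_request(prompt: str, sandbox: bool = True) -> dict:
    """Assemble the outbound generation request after the pre-flight checks.
    Returned as a plain dict so it can be inspected (with the header masked)
    before anything leaves the host; nothing is sent here."""
    safe_prompt = redact_query_text(prompt)
    if contains_stellar_seed(safe_prompt):
        raise ValueError("refusing to send: prompt contains a Stellar secret seed")
    return {
        "method": "POST",
        "url": NEXUS_HOST + GENERATE_PATH,
        "headers": {
            "Content-Type": "application/json",
            "X-Payment-Proof": payment_proof(sandbox),
        },
        "body": json.dumps({"prompt": safe_prompt}),  # assumption: JSON "prompt" field
    }


def build_sponsor_request(signed_xdr: str) -> dict:
    """Same gate for the sponsor endpoint: a signed XDR envelope is accepted,
    a raw secret seed is not."""
    if contains_stellar_seed(signed_xdr):
        raise ValueError("refusing to send: this is a secret seed, not a signed XDR")
    return {
        "method": "POST",
        "url": NEXUS_HOST + SPONSOR_PATH,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"xdr": signed_xdr}),  # assumption: JSON "xdr" field
    }


if __name__ == "__main__":
    # Constructed sample input, not real data.
    req = build_request(
        "SELECT name FROM users WHERE email = 'alice@example.com' AND password = 'hunter2'"
    )
    print(req["body"])
    # {"prompt": "SELECT name FROM users WHERE email = '<literal>' AND password=<redacted>"}
```

Send the returned dict with whatever HTTP client you already use, and when you log it, mask the X-Payment-Proof value; the point of returning a dict rather than sending directly is that the exact bytes bound for the third party can be reviewed first.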

Review Dimensions

Purpose & Capability
ok: The skill claims to generate SQL, and its SKILL.md is an instruction-only client for a paid external SQL-generation API. Requiring a payment-proof credential (NEXUS_PAYMENT_PROOF) and network access is coherent with a paid external API.
Instruction Scope
concern: Runtime instructions send user input to https://ai-service-hub-15.emergent.host and require payment headers (X-PAYMENT, Authorization: Payment, or X-Payment-Proof). All user input is transmitted off-host to a third-party service; the skill also instructs posting signed Stellar XDRs to a sponsor endpoint. These are expected for a paid remote API but pose privacy and credential-use risks: sensitive DB schemas or secrets included in queries would be disclosed to the service.
Install Mechanism
ok: Instruction-only skill with no install spec or code files. Nothing is written to disk and no third-party packages are fetched during install, which reduces installer-side risk.
Credentials
note: Only one env var is required (NEXUS_PAYMENT_PROOF), and it is declared as the primary credential. That is proportionate to a paid API, but the variable is sensitive (a payment credential) and lets the skill perform paid calls; storing or exposing it carelessly could incur costs or enable misuse.
Persistence & Privilege
ok: always: false (default) and no install actions; the skill does not request elevated or persistent system privileges. Autonomous invocation is allowed (platform default) but is not combined with other high-risk flags.