Skill v1.1.0
ClawScan security
NEXUS Summarize · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 5:15 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to be a straightforward paid summarization front-end, but it requires a payment-proof credential and directs sensitive payment flows to an unvetted external host. The manifest and instructions also have a few mismatches that warrant caution.
- Guidance: This skill is coherent with being a paid summarization API, but exercise caution before installing:
  1. Verify the service and domain (https://ai-service-hub-15.emergent.host) independently; the package provides no homepage or provenance.
  2. Treat NEXUS_PAYMENT_PROOF as a sensitive secret: the skill sends it as an HTTP header to the external host. If you do not trust the endpoint, do not set that env var.
  3. Prefer testing with the documented sandbox mode (X-Payment-Proof: sandbox_test) before supplying a real payment proof.
  4. Never send private keys to a third party, and hand a signed transaction envelope (XDR) to the sponsor endpoint only if you fully trust it: a signed XDR carries the transaction's signatures and can be submitted, or held back, by whoever receives it until its time bounds expire.
  5. If you need stronger assurance, request vendor documentation or source code for the remote service, or use an alternative summarizer with established provenance.
  Additional information that would raise confidence: a trustworthy homepage, public vetting of the ai-service-hub domain, or explicit notes on how NEXUS_PAYMENT_PROOF is scoped and rotated and whether it is revocable or limited to a short-lived credential.
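The following is an added example, not code from the skill or from ClawHub, showing how a caller can enforce guidance items 1 to 3 before the credential ever leaves the process: the endpoint must be https and match an exact-host allowlist, sandbox mode is the default and never reads the env var, the real NEXUS_PAYMENT_PROOF is attached only after those checks pass, and a log-safe copy of the headers masks the proof. Assumptions: the header name X-Payment-Proof and sandbox value sandbox_test are taken from the guidance above (one review line abbreviates the header as X-Payment); the /summarize path and the "text" body key are hypothetical, since the skill's request schema is not on this page. Nothing is sent over the network; the function only returns what would be sent.

```python
import os
from urllib.parse import urlparse

# Names taken from the review text; the path and body key below are assumptions.
ENV_VAR = "NEXUS_PAYMENT_PROOF"
HEADER = "X-Payment-Proof"        # assumed: one review line writes "X-Payment"
SANDBOX_PROOF = "sandbox_test"    # documented sandbox value per the guidance
DEFAULT_ALLOWED_HOSTS = frozenset({"ai-service-hub-15.emergent.host"})


class UntrustedEndpoint(ValueError):
    """Raised when data or a real payment proof would go to an unvetted endpoint."""


def endpoint_problem(endpoint, allowed_hosts=DEFAULT_ALLOWED_HOSTS):
    """Return None if the endpoint may be called, otherwise a human-readable reason.

    Deliberately strict: https only, exact hostname match (no suffix matching,
    so look-alike hosts in other zones fail), and no credentials embedded in
    the URL itself.
    """
    u = urlparse(endpoint)
    if u.scheme != "https":
        return f"scheme {u.scheme!r} is not https"
    if u.username or u.password:
        return "endpoint URL embeds userinfo"
    host = (u.hostname or "").lower()
    if host not in allowed_hosts:
        return f"host {host!r} is not on the trusted-host allowlist"
    return None


def build_summarize_request(text, endpoint, sandbox=True,
                            allowed_hosts=DEFAULT_ALLOWED_HOSTS, env=None):
    """Return (url, headers, json_body) for one summarization call, unsent.

    The endpoint check runs in both modes because the text to summarize is
    itself user data. sandbox=True sends the documented test value and never
    reads the env var; sandbox=False reads NEXUS_PAYMENT_PROOF only after the
    endpoint passes, so the secret is never attached to an unvetted host.
    The "text" body key is an assumption (the skill's schema is not on the page).
    """
    env = os.environ if env is None else env
    problem = endpoint_problem(endpoint, allowed_hosts)
    if problem:
        raise UntrustedEndpoint(problem)
    if sandbox:
        proof = SANDBOX_PROOF
    else:
        proof = env.get(ENV_VAR)
        if not proof:
            raise UntrustedEndpoint(f"{ENV_VAR} is unset; use sandbox=True instead")
    headers = {HEADER: proof, "Content-Type": "application/json"}
    return endpoint, headers, {"text": text}


def redact(headers):
    """Copy of headers safe for logs: the proof is masked unless it is the sandbox value."""
    out = dict(headers)
    if out.get(HEADER) not in (None, SANDBOX_PROOF):
        out[HEADER] = "<redacted>"
    return out


if __name__ == "__main__":
    # Constructed sample input; /summarize is a hypothetical path.
    url, hdrs, body = build_summarize_request(
        "Some text to summarize.",
        "https://ai-service-hub-15.emergent.host/summarize")
    print(url, redact(hdrs), body)
```

The allowlist is the control that matters: if the skill instructions are ever edited to point at a different host, the real proof is withheld and the call fails closed instead of silently leaking the credential.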
Review Dimensions
- Purpose & Capability (note): The skill's name and description (summarization) align with the instructions (POST text to an external summarization API). Requiring a payment-proof credential (NEXUS_PAYMENT_PROOF) is consistent with a paid service, but the manifest marks that env var as required even though the SKILL.md documents a sandbox/test mode that should not need a credential. This mismatch is unexpected.
- Instruction Scope (concern): The instructions require sending user data (the text to summarize) to https://ai-service-hub-15.emergent.host and also describe posting signed Stellar XDRs to a sponsor endpoint. A signed XDR carries the transaction's signatures and can be submitted by whoever holds it, and payment proofs are themselves identifiers tied to a payer, so both should only be handed to a trusted party. The skill's trust statement claims no permanent storage, but that cannot be verified from the package. The runtime guidance also instructs the agent to read the NEXUS_PAYMENT_PROOF env var into a payment-proof request header, which is direct transmission of a credential to a third party.
- Install Mechanism (ok): No install spec and no code files are present (instruction-only). This reduces filesystem risk because nothing is written or executed locally.
- Credentials (concern): Only one env var is requested (NEXUS_PAYMENT_PROOF), which is proportionate for a paid API. However: (1) it is marked required in the manifest even though the documentation provides a sandbox/test option; (2) the skill transmits that env value as an HTTP header to an external host, so a potentially sensitive secret is sent to a third-party endpoint. The manifest gives no justification for why the variable must be pre-populated rather than optional at call time.
- Persistence & Privilege (ok): The always flag is false, and there is no install-time persistence or modification of other skills or system settings. The skill requests network access (documented) but no filesystem or shell access, which matches its instruction-only nature.
