Skill v1.1.0
ClawScan security
NEXUS Teammate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 9, 2026, 5:15 PM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose, runtime instructions, and required credential (NEXUS_PAYMENT_PROOF) are internally consistent for a paid remote AI service, but the provider is unverified and the payment credential is sensitive — proceed only if you trust the remote host.
- Guidance: This skill is internally consistent: it sends your queries to a single external service and expects a payment proof credential. Before installing, verify the service operator (ai-service-hub-15.emergent.host) and their documentation; do not place a real payment credential in a global environment variable unless you trust the site. Use the provided sandbox_test mode for trials, limit the credential's scope (use an ephemeral or test credential), and monitor network/payment activity when first using the skill. If you cannot verify the provider or are uncomfortable granting payment credentials, avoid installing or keep the credential out of your default environment.
Review Dimensions
- Purpose & Capability (ok): Name/description (AI teammate) match the instructions (POST user input to a remote AI endpoint). The declared requirement (a payment proof credential) is coherent with the documented paid API flows (x402 / MPP / legacy header).
- Instruction Scope (ok): SKILL.md only instructs sending input and payment credentials to the documented remote endpoint; it does not request filesystem or shell access and does not direct unrelated data exfiltration. The skill explicitly declares network permission and no filesystem/shell usage.
- Install Mechanism (ok): No install spec or code is included (instruction-only). Nothing is downloaded or written to disk by an installer, minimizing execution/supply-chain risk.
- Credentials (note): Only a single env var (NEXUS_PAYMENT_PROOF) is required and is the declared primary credential — this is proportionate to a paid API. However, that value is sensitive (represents payment/authorization) and granting it globally or permanently carries financial risk if the service or credential handling is untrusted.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request platform-wide changes. It does not modify other skills or system config according to the provided files.
