NEXUS Translate
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a disclosed paid translation API skill that sends your text and payment proof to NEXUS; review cost and privacy expectations before using it.
Install only if you are comfortable sending translation text to NEXUS and with the stated per-request payment model. Prefer sandbox mode for testing, keep the payment proof private, and require confirmation or set limits before allowing paid automatic use.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Translation requests may cost money if a valid payment method or proof is configured.
The skill can be used automatically for matching translation tasks and the service is pay-per-request, so repeated invocations could incur costs.
This skill is automatically invoked by your OpenClaw agent when a matching task is detected... $0.12 per request
Use sandbox mode for testing and set clear agent spending limits or require confirmation before paid requests.
Anyone with the configured payment proof may be able to use the paid service under that proof.
The skill requires a payment proof or payment credential to access the paid translation endpoint.
requires:\n env: [NEXUS_PAYMENT_PROOF]... X-Payment-Proof: <masumi_payment_id>
Treat NEXUS_PAYMENT_PROOF like a credential, avoid sharing it, and rotate or remove it if it is no longer needed.
Text submitted for translation leaves the local agent environment and is processed by NEXUS servers.
The artifacts clearly disclose that user input is sent to an external AI service for processing.
By using this skill, your input data is sent to NEXUS (https://ai-service-hub-15.emergent.host) for AI processing.
Do not send confidential or regulated text unless you trust the provider and its retention/privacy terms.
Users have less external information to verify who operates the paid service or how it is maintained.
The registry metadata does not provide a source repository or homepage, limiting independent provenance review.
Source: unknown\nHomepage: none
Review the provider documentation and service terms before relying on it for sensitive or high-volume use.