ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NEXUS Trust Score

v1.0.0

Generate on-chain trust scores for wallets and agents using Masumi transaction data on Cardano

0· 173·0 current·0 all-time
by@cyberforexblockchain
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (on‑chain trust scores via Masumi on Cardano) match the runtime instructions: a POST to an external NEXUS trust‑score API using an X-Payment-Proof header. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md only instructs the agent to POST JSON to the declared endpoint, include the NEXUS_PAYMENT_PROOF header, and parse the JSON response. It does not instruct reading local files, running shell commands, or collecting other environment data. Note: all user inputs are sent to a third party and processed server‑side by LLMs as stated.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by the skill itself, which minimizes installation risk.
Credentials
Only one env var (NEXUS_PAYMENT_PROOF) is required, which is appropriate for a payment‑gated API. However this is a sensitive value (payment proof / credential) that will be sent to the external service; the skill provides no local verification steps and relies on the remote service for Masumi verification.
Persistence & Privilege
The skill does not request always:true, does not declare filesystem or shell permissions, and does not require modifying other skills or system settings.
Assessment
This skill sends your query and a payment proof value (NEXUS_PAYMENT_PROOF) to https://ai-service-hub-15.emergent.host for server‑side processing by third‑party LLMs. Before installing: 1) Verify you trust the service (no homepage or independent provenance is included here); 2) Test with sandbox_test and non‑sensitive inputs first; 3) Do not store or reuse high‑value private keys or wallet credentials as the payment proof or input; 4) Review the provider's privacy and payment verification docs (Masumi integration) and confirm the domain is legitimate; and 5) If you require local/verifiable on‑chain scoring, consider using your own Masumi/Cardano tooling instead of sending data to a third party.

Like a lobster shell, security has layers — review code before you run it.

latestvk972pqgak14syr4ps5pwx0dwnd82tpgs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvNEXUS_PAYMENT_PROOF
Primary envNEXUS_PAYMENT_PROOF

Comments