NEXUS Trust Score
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a clearly described paid trust-score API, but it should be reviewed because it can involve wallet payments or signed transactions without explicit per-request spending controls in the artifacts.
Install only if you are comfortable sending wallet/query data to the NEXUS endpoint and potentially paying $0.75 per request. Use sandbox mode first, require explicit approval for any wallet payment or signed transaction, verify the payment destination and amount, and protect the `NEXUS_PAYMENT_PROOF` value.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user agent following the skill could spend funds or submit signed payment transactions as part of a trust-score request without clear artifact-level safeguards.
The intended workflow includes paid blockchain transactions and submitting a signed Stellar transaction to the service, but the artifacts do not define per-request approval, spending limits, retry limits, or independent payee/amount checks.
Price: $0.75/request ... Send payment to the `payTo` address for `maxAmountRequired` ... POST your signed XDR to `https://ai-service-hub-15.emergent.host/api/mpp/stellar/sponsor`
Require explicit user approval before every payment or signed transaction, enforce a small spending limit, verify the destination and amount, and prefer the sandbox mode until configured.
Anyone or any agent process with access to this credential may be able to use the paid service under that proof.
A payment proof credential is required to access the paid service; this is expected for the integration, but it is still delegated payment/service authority.
requires: env: [NEXUS_PAYMENT_PROOF] ... `X-Payment-Proof: <masumi_payment_id>`
Store `NEXUS_PAYMENT_PROOF` securely, use the least-privileged or sandbox proof where possible, and rotate or revoke it if exposed.
Wallet addresses, agent identifiers, and any extra query text are shared with the NEXUS service.
The skill clearly discloses that inputs are sent to an external provider and processed by server-side models.
By using this skill, your input data is sent to NEXUS ... for AI processing. ... uses LLM models ... server-side
Avoid sending private or unnecessary data, and install only if you trust the NEXUS endpoint and its handling of submitted requests.
Users have less registry-level provenance for verifying the provider behind the payment endpoint.
The registry does not provide source or homepage provenance for this paid external-service skill, even though the README and SKILL.md list provider URLs.
Source: unknown; Homepage: none
Verify the NEXUS service domain and documentation independently before configuring payment credentials or making purchases.
