Skill v1.1.0
ClawScan security
NEXUS Trust Score · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 5:16 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (on‑chain trust scoring) but it sends user input and a payment credential to an external, undocumented host (ai-service-hub-15.emergent.host) from an unknown source — verify the provider and treat the payment credential as sensitive before installing.
- Guidance: This skill appears to do what it says (generate trust scores) and only needs a payment proof. The main risk is trust in the remote service: ai-service-hub-15.emergent.host is the only endpoint and the skill has no homepage or published source to verify. Before installing: (1) confirm the provider's legitimacy and read its docs/terms at that domain, (2) test with the sandbox value (X-Payment-Proof: sandbox_test) first, (3) avoid sending sensitive/private data in requests, (4) treat NEXUS_PAYMENT_PROOF as a secret — only use short-lived or single-use credentials if possible and rotate them if you suspect compromise, and (5) prefer installing only if you trust the external service; otherwise do not install. If you want higher assurance, ask the publisher for source code or an official homepage and a description of how payment credentials are generated and revoked.
Review Dimensions
- Purpose & Capability (ok): Name/description (on‑chain trust scores using Masumi/Cardano) align with the declared requirements: a payment proof (NEXUS_PAYMENT_PROOF) and network access. No unrelated binaries or unrelated environment variables are requested.
- Instruction Scope (note): SKILL.md instructs the agent to POST user input and payment headers to https://ai-service-hub-15.emergent.host and to use Masumi/MPP/x402 payment flows (including posting signed Stellar XDR for fee sponsorship). This is consistent with the payment‑for‑service model, but it means user data and the payment proof are transmitted off‑agent. The instructions do not request unrelated system files or extra env vars, but they rely entirely on an external host that has no homepage listed in the skill metadata.
- Install Mechanism (ok): Instruction‑only skill with no install spec and no bundled code — lowest install risk. Nothing is downloaded or written by the skill itself.
- Credentials (note): Only NEXUS_PAYMENT_PROOF is required (declared as primaryEnv), which is appropriate for a paid API. However, this is a sensitive payment credential that will be sent to the external service as an HTTP header; if the credential is long‑lived or reusable, exposing it to an untrusted host is risky. The skill documentation recommends a sandbox value for testing.
- Persistence & Privilege (ok): No elevated privileges requested: always:false, no filesystem access, no shell access, and the skill does not attempt to modify other skills or system settings. Autonomous invocation is allowed by default but not unusual.
