Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nexus — Ops OS for AI Agents

Interact with Nexus, a multi-tenant Ops OS for ecommerce and retail businesses. Requires a NEXUS_API_KEY environment variable (agent API key with prefix nxs_...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 80 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md clearly targets Nexus (CRM, orders, inventory, messaging) and requires an agent API key (NEXUS_API_KEY). That credential is appropriate for the described functionality. However, the skill registry metadata (requirements list) does not declare any required environment variable or primary credential — an inconsistency between metadata and runtime instructions.
Instruction Scope
The instructions are focused: read NEXUS_API_KEY from environment (or prompt user to register), exchange it for a short-lived JWT, and call the documented MCP endpoints. They do not instruct reading unrelated files or other secrets, nor do they send data to unexpected endpoints. They do instruct the agent to prompt the user for owner_email/org when registering and to store the returned API key as NEXUS_API_KEY.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. This is the lowest-risk install mechanism.
Credentials
The SKILL.md requires a single credential (NEXUS_API_KEY with prefix nxs_ak_), which is proportionate for a third-party API. But the registry metadata failing to list this required env var or a primary credential is concerning: callers may not be warned that a secret must be provided. Also, the API supports write operations (create orders, send messages); if the provided key has write/admin scopes the agent could perform impactful actions. The SKILL.md mentions plan-based capability limits (free=read-only), but the skill allows write operations when credentials/plans permit.
Persistence & Privilege
always is false and the skill is user-invocable. Model invocation is allowed (default), so an agent could autonomously call the Nexus API if granted the API key — this is expected behavior for skills. There is no indication the skill modifies other skills or system-wide settings.
What to consider before installing
This skill appears to be what it claims (a Nexus connector) but the package metadata omits the required NEXUS_API_KEY — that's an inconsistency you should confirm with the publisher before installing. If you proceed:

1) Only provide an agent API key with the minimum privileges (use a read-only/dev key if available) because the API supports writes (creating orders, sending messages).
2) Be aware the agent may act autonomously (default) using that key; restrict the agent or the key if you want to prevent automated writes.
3) Verify the endpoints (api.nexus.aiforstartups.io) and the key prefix (nxs_ak_) are legitimate for your organization before registering.
4) Ask the publisher to update registry metadata to declare NEXUS_API_KEY as required so platform tooling can surface the credential need explicitly.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.4
Tags: ai chat, ecommerce, fulfillement, inventory, latest, mcp, orders, whatsapp

Runtime requirements

Environment variables
NEXUS_API_KEY (required): Agent API key (prefix nxs_ak_). Obtain via self-registration at nexus.aiforstartups.io — no human approval required.

SKILL.md

Nexus — Ops OS for AI Agents

Nexus is a multi-tenant operations platform covering CRM, orders, inventory, fulfillment, shipping, omnichannel messaging, social media, and analytics — accessible via a single MCP server.

API Base URL

https://api.nexus.aiforstartups.io/functions/v1

Credentials

Read NEXUS_API_KEY from the environment variable. If not set, prompt the user to register at https://nexus.aiforstartups.io and provide their agent API key.

Do not use raw Supabase URLs or nexus.aiforstartups.io/api/v1 — both return 404.

Authentication

Exchange the API key for a short-lived JWT (valid 1 hour) before every session:

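# The JSON body is double-quoted so the shell expands $NEXUS_API_KEY;
# inside single quotes the literal text "$NEXUS_API_KEY" would be sent.
curl -s -X POST "https://api.nexus.aiforstartups.io/functions/v1/agent-auth" \
  -H "Content-Type: application/json" \
  -d "{\"api_key\": \"$NEXUS_API_KEY\"}"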

Returns access_token. Use as Authorization: Bearer <token> for all MCP calls. Re-authenticate on HTTP 401.
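
The key exchange and the re-authenticate-on-401 rule above, as an added Python example (not code from the skill or from Nexus). It checks the nxs_ak_ prefix before the key leaves the process and caches the JWT for its one-hour lifetime; `NexusSession`, `http_post`, the 60-second early refresh and a JSON (not event-stream) response body are assumptions.

```python
import json
import time
import urllib.error
import urllib.request

BASE = "https://api.nexus.aiforstartups.io/functions/v1"  # base URL from this page
TOKEN_TTL = 3600  # page: JWT valid 1 hour
SKEW = 60         # assumption: refresh one minute before expiry


def http_post(url, body, headers):
    """Default transport: returns (status, parsed JSON body). Assumes a JSON reply."""
    req = urllib.request.Request(url, json.dumps(body).encode(),
                                 {"Content-Type": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}


class NexusSession:  # hypothetical helper, not part of any Nexus SDK
    def __init__(self, api_key, post=http_post, clock=time.monotonic):
        if not api_key.startswith("nxs_ak_"):
            raise ValueError("NEXUS_API_KEY does not have the nxs_ak_ prefix")
        self._key, self._post, self._clock = api_key, post, clock
        self._token, self._expires = None, 0.0

    def _authenticate(self):
        status, data = self._post(f"{BASE}/agent-auth", {"api_key": self._key}, {})
        if status != 200 or "access_token" not in data:
            raise PermissionError(f"agent-auth failed with HTTP {status}")
        self._token = data["access_token"]
        self._expires = self._clock() + TOKEN_TTL - SKEW

    def rpc(self, payload):
        """POST a JSON-RPC payload to mcp-server; re-authenticate once on 401."""
        for _ in range(2):
            if self._token is None or self._clock() >= self._expires:
                self._authenticate()
            headers = {"Authorization": f"Bearer {self._token}",
                       "Accept": "application/json, text/event-stream"}
            status, data = self._post(f"{BASE}/mcp-server", payload, headers)
            if status != 401:
                return status, data
            self._token = None  # token rejected: force a fresh exchange
        raise PermissionError("mcp-server returned 401 after re-authentication")
```

Passing a fake `post` callable lets the retry and expiry logic be exercised offline; the API key is only ever sent to the agent-auth endpoint, never in an MCP request.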

Registration (first-time)

If the user has no API key:

curl -s -X POST "https://api.nexus.aiforstartups.io/functions/v1/agent-register" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_name": "<agent-name>",
    "agent_platform": "openclaw",
    "owner_email": "<owner-email>",
    "organization_name": "<org-name>",
    "plan": "free"
  }'

The returned api_key is shown once — store it as the NEXUS_API_KEY environment variable.

MCP Server

All tool calls go to:

POST https://api.nexus.aiforstartups.io/functions/v1/mcp-server

Required headers:

  • Authorization: Bearer <JWT>
  • Content-Type: application/json
  • Accept: application/json, text/event-stream

Initialize before first tool call:

{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"<agent-name>","version":"1.0.0"}}}

Call a tool:

{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"<tool-name>","arguments":{...}}}

Available Tools

CRM & Contacts

| Tool | Scope | Description |
|---|---|---|
| nexus_list_contacts | read | List/search contacts (phone, email, journey_stage, search) |
| nexus_get_contact | read | Get full contact details + recent orders |
| nexus_create_contact | write | Create a new contact |
| nexus_update_contact | write | Update contact fields |

Orders

| Tool | Scope | Description |
|---|---|---|
| nexus_list_orders | read | List orders with filters |
| nexus_get_order | read | Get order with line items |
| nexus_create_order | write | Create order with line items |
| nexus_update_order_status | write | Move order through lifecycle |

Inventory

| Tool | Scope | Description |
|---|---|---|
| nexus_list_inventory | read | List inventory items |
| nexus_check_stock | read | Check stock by item_id or SKU |

Omnichannel Messaging

| Tool | Scope | Description |
|---|---|---|
| nexus_list_conversations | read | List conversations (whatsapp, facebook, instagram) |
| nexus_send_message | write | Send message on existing conversation |

Search

| Tool | Scope | Description |
|---|---|---|
| nexus_search | read | Global search across contacts, orders, inventory |

Social Media & Content Calendar

| Tool | Scope | Description |
|---|---|---|
| nexus_list_social_posts | read | List posts from content calendar |
| nexus_get_social_post | read | Get full post details |
| nexus_create_social_post | write | Create draft or scheduled post |
| nexus_update_social_post | write | Update content, status, or schedule |
| nexus_delete_social_post | write | Delete draft or scheduled post |
| nexus_list_social_accounts | read | List connected social accounts |
| nexus_get_social_analytics | read | Get engagement analytics |
| nexus_get_content_calendar | read | View upcoming scheduled posts |

Plan Limits

| Tier | Price | MCP Scopes |
|---|---|---|
| Free | $0 | read only |
| Starter | $99/mo | read + write |
| Growth | $199/mo | read + write + admin |
| Scale | $599/mo | full + AI suite |

Free tier agents can explore and read all data. Write access (create orders, send messages, etc.) requires Starter or above.
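
A client-side gate for the read/write split above, as an added Python example (not part of the skill or the Nexus API). It reviews each JSON-RPC request an agent wants to send and permits write-scope tools only when the operator has approved them by name, so a key on a paid plan does not automatically mean autonomous writes; `review_request` and `approved_writes` are hypothetical names, and the tool lists are copied from the tables on this page.

```python
import json

# Tool scopes copied from the tables on this page.
READ_TOOLS = {
    "nexus_list_contacts", "nexus_get_contact", "nexus_list_orders",
    "nexus_get_order", "nexus_list_inventory", "nexus_check_stock",
    "nexus_list_conversations", "nexus_search", "nexus_list_social_posts",
    "nexus_get_social_post", "nexus_list_social_accounts",
    "nexus_get_social_analytics", "nexus_get_content_calendar",
}
WRITE_TOOLS = {
    "nexus_create_contact", "nexus_update_contact", "nexus_create_order",
    "nexus_update_order_status", "nexus_send_message",
    "nexus_create_social_post", "nexus_update_social_post",
    "nexus_delete_social_post",
}


def review_request(raw, approved_writes=frozenset()):
    """Return (allowed, reason) for one JSON-RPC request the agent wants to send."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return False, "not valid JSON"
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return False, "not a JSON-RPC 2.0 request"
    method = msg.get("method")
    if method == "initialize":
        return True, "handshake"
    if method != "tools/call":
        return False, f"method {method!r} not permitted"
    params = msg.get("params")
    name = params.get("name") if isinstance(params, dict) else None
    if not isinstance(name, str):  # also rejects lists/objects used as a name
        return False, "missing tool name"
    if name in READ_TOOLS:
        return True, "read scope"
    if name in WRITE_TOOLS:
        if name in approved_writes:
            return True, "write scope, explicitly approved"
        return False, "write scope, not approved"
    return False, "tool not in the documented list"  # default deny
```

Logging the returned reason next to each denied request gives an audit trail of what the agent attempted.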

Reference

See references/api-reference.md for full endpoint list, order lifecycle, error codes, and tool schemas.
