Nexus — Ops OS for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Nexus business-operations skill with broad but disclosed capabilities and explicit write-confirmation guidance.

Install only if you trust Nexus and need an agent to access this business workspace. Use a dedicated, expiring, least-privilege NEXUS_API_KEY, prefer read-only scope, avoid admin scope unless necessary, and manually approve the exact record, recipient, message, post, invite, call, or fulfillment action before any write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium (88% confidence)
Finding
The document states that distributed skills should default to read-only behavior and require explicit confirmation before writes, but it only provides advisory text while also enumerating many write-capable tools and workflows. In a shareable agent skill context, that gap can lead implementers to expose mutation capabilities without any built-in guardrails, increasing the chance of unauthorized or accidental state changes.

Intent-Code Divergence

Low (79% confidence)
Finding
The guidance warns against publishing a live PostgREST anon key in distributed skills, but then suggests frontend-style public environment variables such as VITE_SUPABASE_ANON_KEY and NEXT_PUBLIC_SUPABASE_ANON_KEY. In many deployment models these names imply client exposure, which can normalize insecure secret handling and cause operators to place credentials in publicly readable contexts.

VirusTotal

66/66 vendors flagged this skill as clean.
