Nexus Safe
v0.1.6
Provides local system health monitoring and controlled service restarts for Docker and PM2 with full privacy and zero external calls.
⭐ 0 · 453 · 0 current · 0 all-time
by Marouane (@mrnsmh)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The code (monitor.py) implements local health checks and policy-controlled Docker/PM2 restarts, which matches the skill description. However, the top-level registry metadata supplied with the skill lists no required binaries or environment variables, while _meta.json and the code clearly expect docker, pm2, and several NEXUS_SAFE_* environment variables. That mismatch is unexpected and worth investigating.
Instruction Scope
SKILL.md and README clearly state the tool is 100% local and only needs network access during the initial pip install of psutil; monitor.py performs only local operations (psutil metrics, docker/pm2 subprocess calls, and local state/audit file writes). SKILL.md omits explicit guidance for the required environment variables (their names appear only in the code and _meta.json), a gap that could lead to misconfiguration.
Install Mechanism
This is instruction-only (no installer). It requires installing the psutil Python package with pip (internet required during setup). The skill bundles no automated install spec, so no downloads or archive extraction happen as part of installation.
Credentials
The code expects several environment settings (NEXUS_SAFE_ALLOW_RESTARTS, NEXUS_SAFE_ALLOWED_DOCKER, NEXUS_SAFE_ALLOWED_PM2, etc.), which are proportionate to the stated capability (allowlists, enabling restarts). The concern is that the registry metadata supplied with the skill said 'none' for required env vars/binaries while _meta.json contains them; this inconsistency could hide required configuration or lead to accidental enabling of privileged actions.
Persistence & Privilege
The skill requests local filesystem read/write access under ~/.nexus-safe to store state and an audit log, which is reasonable for rate-limiting and auditing. It does not request network access, does not modify other skills, and is not force-enabled (always: false).
What to consider before installing
This skill appears to do what it says (local monitoring plus policy-controlled restarts), but there are packaging and documentation gaps you should address before enabling it to perform restarts:
- Verify required binaries and env vars: _meta.json and monitor.py require docker, pm2, and NEXUS_SAFE_* environment variables. The registry metadata contradicts this; confirm which is authoritative and set the ALLOWED lists explicitly.
- Keep restarts disabled by default: leave NEXUS_SAFE_ALLOW_RESTARTS unset/false until you have tested behavior in dry-run mode and reviewed the entries in ~/.nexus-safe/audit.log.
- Test with dry-run: use the --dry-run option to confirm which commands the skill would execute and that the allowlist covers only the intended services.
- Inspect and control inputs: ensure any values passed as service names come from trusted sources. The code uses subprocess.run with argument lists, which prevents shell injection, but a name beginning with a dash can still be parsed as an option by the docker or pm2 CLI, so validating service names is still good practice.
- Install deps manually from a trusted environment: run pip install psutil from an environment you control; there is no installer bundled with the skill.
If you want higher assurance, ask the publisher to correct the registry metadata so the public manifest lists the required binaries and env vars, and to document explicit setup steps for the allowlists and for enabling restarts.
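The checklist above describes a set of controls that compose: restarts off unless an explicit flag is set, explicit allowlists, service-name validation, argv-only subprocess calls, a dry-run mode, and an append-only audit log. The following Python is an added illustration of how those controls fit together; it is not Nexus Safe's monitor.py and does not claim to reproduce its behaviour. The environment variable names come from the scan report, but the comma-separated allowlist format, the truthy values accepted for NEXUS_SAFE_ALLOW_RESTARTS, the name pattern, the JSON-lines audit format, and the run_demo helper are assumptions made for this example.

```python
"""Pre-flight policy check for allowlisted restarts (illustrative example only).

Not Nexus Safe's own code. Models the controls in the checklist above:
restarts stay off unless NEXUS_SAFE_ALLOW_RESTARTS is truthy, targets must
appear in NEXUS_SAFE_ALLOWED_DOCKER / NEXUS_SAFE_ALLOWED_PM2, names are
validated, the child process gets an argv list (no shell), dry-run reports
the exact argv without executing it, and every decision is appended to an
audit log. Allowlist encoding, name pattern and audit format are assumed.
"""
import json
import re
import subprocess
import tempfile
import time
from pathlib import Path

TRUTHY = {"1", "true", "yes", "on"}  # assumed encoding of the restart flag

# Conservative name pattern (assumed): must start with an alphanumeric, so a
# leading '-' is rejected. That matters even without a shell, because a name
# like "-f" would otherwise reach the docker/pm2 CLI as an option.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")

RESTART_ARGV = {
    "docker": lambda name: ["docker", "restart", name],
    "pm2": lambda name: ["pm2", "restart", name],
}


def load_policy(env):
    """Build the restart policy from a NEXUS_SAFE_* environment mapping."""
    def names(var):
        return frozenset(n.strip() for n in env.get(var, "").split(",") if n.strip())
    return {
        "allow_restarts": env.get("NEXUS_SAFE_ALLOW_RESTARTS", "").strip().lower() in TRUTHY,
        "docker": names("NEXUS_SAFE_ALLOWED_DOCKER"),
        "pm2": names("NEXUS_SAFE_ALLOWED_PM2"),
    }


def plan_restart(policy, kind, name):
    """Return (allowed, reason, argv). Denial is a normal result, not an exception."""
    if kind not in RESTART_ARGV:
        return False, f"unknown service kind {kind!r}", None
    if not NAME_RE.match(name):
        return False, "service name fails validation", None
    if name not in policy[kind]:
        return False, f"{name!r} not in NEXUS_SAFE_ALLOWED_{kind.upper()}", None
    if not policy["allow_restarts"]:
        return False, "restarts disabled (NEXUS_SAFE_ALLOW_RESTARTS unset/false)", None
    return True, "allowed", RESTART_ARGV[kind](name)


def restart(policy, kind, name, audit_path, dry_run=True):
    """Apply the policy, optionally run the restart, and always append an audit record."""
    allowed, reason, argv = plan_restart(policy, kind, name)
    record = {"ts": time.time(), "kind": kind, "name": name, "allowed": allowed,
              "reason": reason, "argv": argv, "dry_run": dry_run, "returncode": None}
    if allowed and not dry_run:
        # argv list with shell=False: the name is a single argument and is
        # never re-parsed by a shell.
        proc = subprocess.run(argv, check=False, capture_output=True, text=True, timeout=60)
        record["returncode"] = proc.returncode
    audit_path.parent.mkdir(parents=True, exist_ok=True)
    with audit_path.open("a", encoding="utf-8") as fh:
        fh.write(json.dumps(record, sort_keys=True) + "\n")
    return record


def run_demo():
    """Exercise the policy with a constructed environment; never touches real docker/pm2."""
    env = {  # constructed sample, not read from os.environ
        "NEXUS_SAFE_ALLOWED_DOCKER": "web, api",
        "NEXUS_SAFE_ALLOWED_PM2": "worker",
        # NEXUS_SAFE_ALLOW_RESTARTS deliberately unset: the safe default
    }
    audit_path = Path(tempfile.mkdtemp()) / "audit.log"
    locked = load_policy(env)
    enabled = load_policy({**env, "NEXUS_SAFE_ALLOW_RESTARTS": "true"})
    results = {
        "flag_unset": plan_restart(locked, "docker", "web"),
        "bad_name": plan_restart(enabled, "docker", "--rm"),
        "not_allowlisted": plan_restart(enabled, "docker", "db"),
        "allowed": plan_restart(enabled, "pm2", "worker"),
    }
    # Dry run: the decision and exact argv are logged, nothing is executed.
    results["dry_run"] = restart(enabled, "docker", "api", audit_path, dry_run=True)
    results["audit_lines"] = audit_path.read_text(encoding="utf-8").splitlines()
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The ordering of checks in plan_restart is deliberate: name validation and the allowlist are evaluated before the global restart flag, so a dry run with NEXUS_SAFE_ALLOW_RESTARTS unset still tells you whether a given target would pass the allowlist once restarts are enabled. Review the audit.log records from a dry run before flipping the flag.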
latest: vk97cz8gmdzv24zf49pw2p36x1181srg5
