Nexus Safe
ReviewAudited by ClawScan on May 1, 2026.
Overview
Nexus Safe appears coherent and local-only, but it can read Docker/PM2 logs and restart allowlisted services when recovery is enabled.
Before installing, make sure you are comfortable letting the agent inspect Docker/PM2 status and logs on this machine. Only enable recovery with narrow NEXUS_SAFE_ALLOWED_DOCKER and NEXUS_SAFE_ALLOWED_PM2 lists, keep the restart rate limits in place, avoid --force for routine use, and consider pinning psutil during setup.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled and allowlisted, the agent can restart local services, which may briefly disrupt applications or production workloads.
The skill can restart Docker containers or PM2 processes, which is powerful but disclosed and guarded by an enable flag, allowlists, log freshness checks, and rate limiting.
if not ALLOW_RESTARTS: exit_with_error(3, "Restarts disabled by policy") ... args = ['docker', 'restart', target] if is_docker else ['pm2', 'restart', target]
Keep NEXUS_SAFE_ALLOW_RESTARTS disabled unless needed, use narrow allowlists, review logs before recovery, and avoid --force except for intentional manual overrides.
Installing this where the agent has Docker or PM2 access gives it the ability to inspect and, when configured, restart services available to that account.
The declared command permissions rely on the installing user's local Docker and PM2 privileges; that is expected for service management but can affect important workloads.
"permissions": { "filesystem": ["read", "write:~/.nexus-safe/"], "network": ["none"], "commands": ["docker", "pm2"] }Install it only under an account whose Docker/PM2 access you are comfortable delegating, and avoid granting broader host privileges than necessary.
A future or environment-specific package resolution could differ from what the author tested.
The setup uses a user-directed, unpinned Python package install; this is common and purpose-aligned, but package provenance and version pinning are not specified.
1. `pip install psutil`
Install psutil from a trusted package index and consider pinning a known-good version in controlled environments.
Application logs can contain secrets, tokens, customer data, or misleading text; those contents may be visible to the agent while diagnosing issues.
The skill retrieves service logs into the agent/user context and persists local timestamps/audit entries, which is expected for diagnostics but may expose sensitive log contents to the session.
out = run_cmd(['docker', 'logs', '--tail', str(lines), target], T_LOGS).stdout ... state["last_logs"][target] = time.time(); save_state(state); log_audit("LOGS", target, "OK")Use the log feature only for intended services, keep sensitive values out of application logs, and clear ~/.nexus-safe if local audit/state records are no longer wanted.