Nex.ai

Review

Audited by ClawScan on May 10, 2026.

Overview

Nex appears to be a disclosed Nex.ai API integration, but it can send and modify organizational context, so use minimal API scopes and confirm write/delete actions.

Install this if you want OpenClaw to use Nex as an external organizational context graph. Use a dedicated, least-privileged Nex API key; grant write/delete scopes only when needed; confirm destructive or schema-changing actions; avoid submitting confidential conversations unless Nex is approved by your organization; and if installing manually, copy scripts/nex-api.sh as well as SKILL.md.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Manual installation may fail or lead users to improvise unreviewed API commands if the wrapper script is missing.

Why it was flagged

The manual install instructions copy only SKILL.md, while the skill depends on scripts/nex-api.sh as its reviewed API wrapper. A manual install could omit the helper script unless the user copies it separately.

Skill content

cp SKILL.md ~/.openclaw/workspace/skills/nex/

Recommendation

Install the full package or copy scripts/nex-api.sh along with SKILL.md, and verify that API calls use the included wrapper.

What this means

If the Nex API key has write permissions, the agent can create, update, or delete Nex records or related objects.

Why it was flagged

The wrapper intentionally supports mutating API methods. This is purpose-aligned for a record-management skill, and the host is fixed to Nex, but these methods can change account data when invoked.

Skill content

# WRITES: Depends on method (POST/PUT/PATCH/DELETE modify data)

Recommendation

Require explicit user confirmation for destructive or schema-changing operations, and prefer read-only scopes unless writes are needed.

What this means

A broadly scoped API key would let the agent modify or delete business context in Nex.

Why it was flagged

The skill relies on a Nex API key whose scopes can include write and delete authority over organizational records.

Skill content

`record.write` | Create, update, upsert, delete records

Recommendation

Create a dedicated Nex API key with the least privileges needed, such as read-only for query use cases, and rotate or revoke it if no longer needed.

What this means

Sensitive or incorrect conversation details could become persistent context that the agent reuses later.

Why it was flagged

The skill’s core function is to persist conversation-derived organizational context for later retrieval and insight generation.

Skill content

It builds a Context Graph from your conversations

Recommendation

Review generated records and insights, avoid sending secrets or highly sensitive conversations unless approved, and use Nex controls to correct or delete stored context.

What this means

Information shared with the skill may leave the local agent environment and be processed by Nex.

Why it was flagged

The skill clearly discloses that organizational text, records, and insights are sent to the external Nex API provider.

Skill content

`https://app.nex.ai/api/developers/v1/*` | GET, POST, PUT, PATCH, DELETE | Context queries, records, insights, text content

Recommendation

Use the skill only where Nex is an approved data processor for the relevant organizational content, and review Nex privacy and retention settings.