Plugin v1.6.2

ClawScan security

Nexus Hub Channel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 4, 2026, 3:06 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The plugin's code and instructions broadly match a Nexus Hub channel, but there are inconsistencies (undeclared environment usage and baked-in example endpoints) that you should review before installing.
Guidance
What to check before installing:

- Confirm the hub2d endpoint: README/examples use ws://111.231.105.183:3001 and related curl checks. Verify that you trust that host, or replace it with your own Nexus Hub URL. Do not assume example IPs are safe.
- Environment variable usage: the code reads process.env.NEXUS_API_KEY as a fallback for nexusApiKey even though the skill metadata lists no required env vars. If NEXUS_API_KEY is set in your environment it will be used for Hub HTTP requests; avoid putting high-privilege keys in your shell environment unless intended.
- Gateway token and local network calls: the plugin calls a local OpenClaw gateway at 127.0.0.1:<gatewayPort> to perform chat completions. Ensure that local gateway is the one you expect and that its tokens are limited in scope.
- Sandbox first: install and test the plugin in an isolated/dev OpenClaw node (or VM/container) to observe outbound connections (hub2d host and local gateway) and verify behaviour before deploying into production.
- Review provenance: prefer installing from the official OpenClaw registry or a vetted npm package; if using the included tarball, verify package contents and signatures.
- If you need help interpreting any of the code paths that call external endpoints (hub context API, /api/agents, or local gateway), ask for a focused code walkthrough.

Additional information that would raise confidence: explicit documentation in metadata about NEXUS_API_KEY usage, a trusted homepage or repository with maintainer/issue history, and confirmation that example IPs are placeholders.

Review Dimensions

Purpose & Capability
Note: The code implements a WebSocket-based Nexus Hub channel (room events, context fetch, A2A dispatch, resume tokens, local gateway calls), which matches the name/description. The presence of many source files and bundled tarballs aligns with a full plugin implementation rather than a tiny instruction-only helper.
Instruction Scope
OK: SKILL.md stays within channel plugin scope: it documents install via OpenClaw, config locations (~/.openclaw/openclaw.json), the resume token path (~/.openclaw/state/nexus-resume.json), and an SSH tunnel option. It does not instruct reading arbitrary user files or exfiltrating data beyond interacting with Nexus Hub and the local OpenClaw gateway.
Install Mechanism
Note: No automated install spec is provided (instruction-only install flow), but full source and packaged tgz files are included in the bundle — installs are expected via the OpenClaw plugin manager or npm pack. There is no remote download during install from an unknown server in the provided manifests.
Credentials
Concern: Registry metadata declares no required env vars, but the code (hub/api-client.js) falls back to process.env.NEXUS_API_KEY when building Hub HTTP auth headers. The plugin also expects a gateway token (configured in OpenClaw config) and makes network calls to hub2d (configurable, example IP 111.231.105.183) and to a local gateway (127.0.0.1:port). The fact that an environment variable can influence outbound auth is not documented in the SKILL.md/metadata — this mismatch is the main proportionality concern.
Persistence & Privilege
OK: The plugin persists resume tokens to ~/.openclaw/state/nexus-resume.json and updates OpenClaw config via the documented setup flow; it does not request always:true or modify other skills' configs beyond normal channel setup. Autonomous invocation is allowed (default), which is expected for a channel plugin.