Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nex Vault

v1.0.0

Secure local contract and document vault for managing all business agreements and important documents with automatic expiration tracking and compliance alert...

by Nex AI (@nexaiguy)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for nexaiguy/nex-vault.

Prompt preview (Install & Setup):
Install the skill "Nex Vault" (nexaiguy/nex-vault) from ClawHub.
Skill page: https://clawhub.ai/nexaiguy/nex-vault
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: VAULT_TELEGRAM_TOKEN, VAULT_TELEGRAM_CHAT_ID
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install nex-vault

ClawHub CLI


npx clawhub@latest install nex-vault

Security Scan

Capability signals

Crypto: Can make purchases

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description (local document vault + expiry alerts) matches the code: local SQLite storage, text/OCR extraction, clause parsing, cost tracking, and optional Telegram notifications. Required runtime binaries (python3, optionally pdftotext/tesseract) are appropriate for the stated purpose. One mismatch: the registry/SKILL.md list VAULT_TELEGRAM_TOKEN/VAULT_TELEGRAM_CHAT_ID whereas the code reads NEX_VAULT_TELEGRAM_BOT_TOKEN and NEX_VAULT_TELEGRAM_CHAT_ID (different names). Also the package is marked as 'instruction-only' yet includes source files and a setup.sh installer—an inconsistency in metadata but not necessarily malicious.
Instruction Scope
SKILL.md and README instruct running setup.sh, using the CLI, and optionally configuring Telegram tokens; runtime instructions stay within the vault's scope (creating local DB, extracting text, sending alerts via Telegram). The instructions do not instruct collecting or transmitting arbitrary system data beyond Telegram notifications. The code references only local files (home/.nex-vault) and api.telegram.org for notifications.
Install Mechanism
There is no registry install spec but a shipped setup.sh is included. setup.sh creates a local venv, installs python-docx and Pillow from PyPI, initializes the DB, and installs a user-level symlink. It does not download arbitrary archives from unknown hosts. This is moderate-low risk but the presence of an installer when metadata claims 'instruction-only' is an inconsistency to be aware of.
Credentials
The skill only needs Telegram credentials for optional notifications, which is proportionate. However the declared required env vars (registry SKILL.md: VAULT_TELEGRAM_TOKEN and VAULT_TELEGRAM_CHAT_ID) do NOT match the variable names the code reads (NEX_VAULT_TELEGRAM_BOT_TOKEN and NEX_VAULT_TELEGRAM_CHAT_ID, with NEX_VAULT_DATA also optionally respected). This mismatch could cause confusion (users may set the wrong env vars) and indicates sloppy packaging. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request 'always: true' and uses normal local install behavior: it creates ~/.nex-vault, a Python venv there, and a user-level symlink in ~/.local/bin. It sets restrictive permissions on the data directory. It does not modify other skills or system-wide configs beyond user-local files. Autonomous invocation of the skill by an agent is allowed by default (platform behavior) but is not combined with broad credential requests here.
What to consider before installing

This package appears to implement the described local vault, but packaging inconsistencies mean you should verify before installing:

  1) Confirm which environment variables the code actually reads — search for NEX_VAULT_TELEGRAM_BOT_TOKEN and NEX_VAULT_TELEGRAM_CHAT_ID (these are used by the code). Do not assume VAULT_TELEGRAM_* vars will be picked up.
  2) Run setup.sh only in a controlled environment (a disposable VM, container, or dedicated user account) so the installer (venv, DB, symlink) cannot affect unrelated data.
  3) Limit the Telegram bot token's scope and rotate it after testing; the tool sends messages to api.telegram.org only.
  4) Inspect the included setup.sh and Python files yourself (they are plain text) — they do not contain obfuscated or network-exfiltration code beyond Telegram calls.
  5) If you will store sensitive contracts, ensure filesystem backups and permissions are appropriate (the tool creates ~/.nex-vault and sets 700 on it on Unix).
  6) If you need the skill to integrate with your environment, update your environment variable names to match the code (NEX_VAULT_...) or modify lib/config.py to read the env vars you prefer.

If you cannot verify these points, avoid installing in production until the packaging (metadata vs. code) is corrected.
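
One way to carry out the first check above without executing anything from the package: statically list the environment variables a Python source file reads and compare them with the names declared in the metadata. This is an added example, not code from the skill or from ClawHub; SAMPLE_SOURCE is a constructed stand-in for a config module (not the real lib/config.py), and the function names are hypothetical.

```python
import ast

# Env var names declared in the registry metadata shown on this page.
DECLARED = {"VAULT_TELEGRAM_TOKEN", "VAULT_TELEGRAM_CHAT_ID"}

# Constructed stand-in for a config module; NOT the skill's actual source.
SAMPLE_SOURCE = '''
import os
from pathlib import Path
DATA_DIR = Path(os.environ.get("NEX_VAULT_DATA", Path.home() / ".nex-vault"))
BOT_TOKEN = os.getenv("NEX_VAULT_TELEGRAM_BOT_TOKEN", "")
CHAT_ID = os.environ["NEX_VAULT_TELEGRAM_CHAT_ID"]
'''

def _is_os_environ(node):
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")

def _const_str(node):
    ok = isinstance(node, ast.Constant) and isinstance(node.value, str)
    return node.value if ok else None

def env_vars_read(source):
    """Literal env var names read via os.getenv, os.environ.get, os.environ[...]."""
    found = set()
    # The source is only parsed, never executed (Python 3.9+ AST layout assumed).
    for node in ast.walk(ast.parse(source)):
        name = None
        if isinstance(node, ast.Call) and node.args and isinstance(node.func, ast.Attribute):
            f = node.func
            is_getenv = (f.attr == "getenv" and isinstance(f.value, ast.Name)
                         and f.value.id == "os")
            is_environ_get = f.attr == "get" and _is_os_environ(f.value)
            if is_getenv or is_environ_get:
                name = _const_str(node.args[0])
        elif isinstance(node, ast.Subscript) and _is_os_environ(node.value):
            name = _const_str(node.slice)
        if name:
            found.add(name)
    return found

def compare(declared, source):
    """Report names the metadata promises but code ignores, and the reverse."""
    read = env_vars_read(source)
    return {"declared_but_unread": sorted(declared - read),
            "read_but_undeclared": sorted(read - declared)}

if __name__ == "__main__":
    print(compare(DECLARED, SAMPLE_SOURCE))
```

To use it on the real package, read each .py file's text and pass it to compare(); names built dynamically at runtime will not be found by a literal-only scan.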

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Bins: python3
Env: VAULT_TELEGRAM_TOKEN, VAULT_TELEGRAM_CHAT_ID
latest: vk977yfntrt0qmmj0ca6nx5h0gd849k46
76 downloads
1 star
1 version
Updated 3w ago
v1.0.0
MIT-0

Nex Vault

Local Contract and Document Vault with Expiry Alerts. Track all your important documents—contracts, leases, insurance policies, SLAs, warranties, licenses, subscriptions, certificates, and permits. Never miss an expiration date, renewal deadline, or termination notice period again.

When to Use

Use this skill when the user asks about:

  • Uploading, adding, or tracking contracts, leases, or business documents
  • Tracking insurance policies, warranties, or maintenance agreements
  • Monitoring expiration dates, renewal deadlines, or termination notice periods
  • Getting alerts when documents are about to expire
  • Finding clauses related to termination, renewal, auto-renewal, or payment terms
  • Searching for specific contracts, parties, or document types
  • Viewing upcoming document deadlines or expiring agreements
  • Extracting key dates and clauses from documents
  • Exporting a list of documents for compliance or budgeting
  • Setting up automatic notifications via Telegram
  • Checking monthly or yearly costs for all subscriptions and contracts
  • Documenting termination notice requirements
  • Understanding auto-renewal clauses and renewal periods

Trigger phrases in Dutch and English: "contract", "huurovereenkomst", "lease", "verzekering", "insurance", "SLA", "warranty", "garantie", "licentie", "license", "abonnement", "subscription", "vervaldag", "expiry", "opzeg", "termination", "verlenging", "renewal", "clausules", "clauses", "deadlines", "vervaldagen", "documentvault", "document vault", "expires", "verloopt", "notification alerts"

Quick Setup

If the database does not exist yet, run the setup script:

bash setup.sh

This creates the data directory, installs dependencies, initializes the database, and optionally configures Telegram notifications.

Available Commands

The CLI tool is nex-vault. All commands output plain text.

Adding Documents

Add a contract or document to the vault:

# Add a contract with full metadata
nex-vault add /path/to/contract.pdf --type contract --party "Verhuurder NV" --end-date 2027-01-01 --notice-days 90 --auto-renewal --monthly-cost 850

# Add with minimal info, auto-parse dates from PDF
nex-vault add /path/to/sla.pdf --type sla --party "CloudProvider"

# Add without a file (just metadata)
nex-vault add "Ethias Brandverzekering" --type insurance --end-date 2026-12-31 --yearly-cost 450

# Add with all optional fields
nex-vault add /path/to/lease.docx --type lease --party "Makelaars Antwerpen" --start-date 2024-01-01 --end-date 2027-01-01 --notice-days 120 --auto-renewal --renewal-period "1 year" --monthly-cost 1200 --tags "property,residential" --notes "Ground floor, fully renovated"

Viewing Documents

Show full details of a document including key clauses and upcoming alerts:

nex-vault show <id>
nex-vault show 5

Listing Documents

List documents with filters:

# List all documents
nex-vault list

# List by type
nex-vault list --type contract
nex-vault list --type insurance
nex-vault list --type lease

# List by status
nex-vault list --status active
nex-vault list --status expired
nex-vault list --status pending

# List by party name
nex-vault list --party "Verhuurder"

# List expiring soon (default 90 days)
nex-vault list --expiring

# List expiring within custom timeframe
nex-vault list --expiring 30

Searching

Full-text search across document names, parties, notes, and extracted content:

nex-vault search "liability insurance"
nex-vault search "payment terms"
nex-vault search "CloudProvider"

Viewing Expiring Documents

Show documents expiring within N days:

nex-vault expiring
nex-vault expiring 30
nex-vault expiring 7

Managing Alerts

View and manage expiry alerts:

# Show upcoming alerts (next 90 days by default)
nex-vault alerts list
nex-vault alerts list --days 30

# Run daily alert check manually
nex-vault alerts check

# Send Telegram notifications
nex-vault alerts notify

# Mark an alert as sent
nex-vault alerts mark-sent <alert_id>

Parsing Documents

Extract and re-parse dates and clauses from a document:

# Auto-extract dates, clauses, and renewal info from file
nex-vault scan /path/to/document.pdf

# Scan and update an existing document entry
nex-vault scan <id> /path/to/new_version.pdf

Editing Documents

Update document metadata:

nex-vault edit <id> --end-date 2027-06-01
nex-vault edit <id> --party "New Party Name"
nex-vault edit <id> --monthly-cost 900
nex-vault edit <id> --notice-days 60
nex-vault edit <id> --auto-renewal true
nex-vault edit <id> --notes "Updated contract terms"

Removing Documents

Remove a document from tracking (keeps the file):

nex-vault remove <id>

Statistics

View vault statistics:

nex-vault stats

Shows:

  • Total documents and count by type
  • Documents by status (active, expired, pending)
  • Total monthly costs and yearly costs
  • Most common parties

Exporting

Export document list for external use:

# Export as CSV
nex-vault export csv --output contracts.csv

# Export as JSON
nex-vault export json --output vault_backup.json

Configuration

Manage Telegram notification settings:

# Show current configuration
nex-vault config show

# Set Telegram bot token
nex-vault config set-telegram-token YOUR_BOT_TOKEN

# Set Telegram chat ID
nex-vault config set-telegram-chat YOUR_CHAT_ID

# Test Telegram connection
nex-vault config test-telegram

Example Interactions

User (Dutch): "Ik heb een nieuwe huurovereenkomst. Upload het en zeg me wanneer ik moet opzeggen."
Agent runs: nex-vault add /path/to/lease.pdf --type lease --party "Makelaar"
Agent: Extracts dates from the PDF, determines termination notice deadline, and confirms the document is tracked.

User (English): "Show me all my contracts expiring in the next 30 days."
Agent runs: nex-vault expiring 30
Agent: Lists contracts with their expiration dates and termination notice deadlines.

User (Dutch): "Welke verzekeringen moet ik verlengen?"
Agent runs: nex-vault list --type insurance --expiring 90
Agent: Shows insurance policies expiring within 90 days and their renewal deadlines.

User (English): "Find all documents with auto-renewal clauses."
Agent runs: nex-vault search "auto-renewal" then nex-vault list filtered manually
Agent: Shows documents with auto-renewal and explains the renewal periods.

User (Dutch): "Wat zijn mijn totale maandelijkse kosten?"
Agent runs: nex-vault stats
Agent: Shows the sum of all monthly costs.

User (English): "Set up Telegram alerts for contracts expiring soon."
Agent runs: nex-vault config set-telegram-token and nex-vault config set-telegram-chat
Agent: Configures notifications and confirms the connection.

User (Dutch): "Toon me alle details van contract #3"
Agent runs: nex-vault show 3
Agent: Displays full contract details including key clauses and upcoming alerts.

User (English): "Export all my documents to CSV for my accountant."
Agent runs: nex-vault export csv --output vault.csv
Agent: Exports and confirms the file location.

User (Dutch): "Update het einddatum van contract #2 naar volgende maand"
Agent runs: nex-vault edit 2 --end-date 2026-05-05
Agent: Confirms the update and recalculates alert deadlines.

User (English): "Run the daily alert check and send me any expiring documents."
Agent runs: nex-vault alerts check then nex-vault alerts notify
Agent: Checks for upcoming expirations and sends Telegram notifications if configured.

Output Parsing

All CLI output is plain text, structured for easy parsing:

  • Section headers followed by --- separators
  • List items prefixed with -
  • Dates in ISO-8601 format (YYYY-MM-DD)
  • Document statuses: active, expired, pending, terminated
  • Monetary values in euros with 2 decimal places (€ symbol)
  • Every command output ends with [Nex Vault by Nex AI | nex-ai.be]

When presenting output to the user, strip the footer line and present the information naturally. Do not show raw database paths or internal details.

Important Notes

  • All documents and metadata are stored locally at ~/.nex-vault/. No data is sent to external servers.
  • Telegram notifications are optional. If no Telegram credentials are configured, the alerts notify command will skip sending.
  • The skill supports multiple file formats: PDF, DOCX, TXT, and scanned documents (JPG/PNG with OCR).
  • Date extraction is optimized for Belgian and EU contract formats (DD/MM/YYYY, DD-MM-YYYY, etc.).
  • Key clauses are automatically extracted during parsing, including termination, renewal, payment, liability, and confidentiality clauses.
  • File hashes are stored to detect when a document has been replaced or updated.
  • For recurring alerts, set up a cron job or systemd timer to run nex-vault alerts check daily.
  • Auto-renewal detection uses both Dutch and English keywords ("automatische verlenging", "auto-renewal", etc.).

Recommended Cron Setup

To enable daily automatic alert checks, add to your crontab:

# Run alert check every morning at 08:00
0 8 * * * /home/user/.local/bin/nex-vault alerts check

Credits

Built by Nex AI (https://nex-ai.be) - Digital transformation for Belgian SMEs.
Author: Kevin Blancaflor
License: MIT-0
