Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
NEXO Brain
v5.8.1 · Cognitive memory system for AI agents — Atkinson-Shiffrin memory model, semantic RAG, trust scoring, and metacognitive error prevention. Gives your agent per...
Security Scan
OpenClaw · Suspicious (medium confidence)

Purpose & Capability
The stated purpose (persistent, local cognitive memory) matches the need for persistent storage and a background process. However, the skill declares only an npm install and requires python3 — the SKILL.md instructs installing via npx (Node) but then configuring a Python MCP server (~/.nexo/server.py). That mixed runtime (node -> python server) is plausible but unexpected and should be explained.
Instruction Scope
The SKILL.md instructs editing the OpenClaw gateway config (~/.openclaw/openclaw.json) to add a server entry, setting NEXO_HOME, and running a long-lived Python server from ~/.nexo/server.py. The registry metadata did not declare these config paths or the NEXO_HOME env var. The instructions therefore ask the user/agent to modify system-level config and to create/read files under the user's home without those paths being declared.
Install Mechanism
Install is via an npm package (nexo-brain) which is a reasonable distribution method. Using npx runs remote package code at install/run time — moderate risk if the package is unreviewed. There is no download from unusual URLs. Because this is instruction-only, the static scanner had no package contents to review.
Credentials
The skill declares no required env vars or config paths, but the instructions set and depend on NEXO_HOME and use ~/.nexo (SQLite DBs) and modify ~/.openclaw/openclaw.json. These file-and-env accesses should be declared. The absence of declared credentials is fine, but undisclosed access to local files/config is notable.
Persistence & Privilege
The skill instructs adding a persistent MCP server entry to the OpenClaw gateway config and running a local Python server (long-lived process). While not 'always: true', this is a persistent presence that modifies gateway configuration — a higher privilege than a purely ephemeral instruction-only skill. The SKILL.md asks the agent to edit system config, which increases blast radius if the package is malicious.
What to consider before installing
This skill could be legitimate, but there are important gaps you should resolve before installing:
- Confirm the npm package identity and inspect its source on npm/GitHub (verify package contents, maintainer, and release integrity) before running npx. npx executes package code directly.
- Ask the author to declare ~/.nexo and ~/.openclaw/openclaw.json as required config paths and to list NEXO_HOME in requires.env so the registry metadata matches runtime behavior.
- Verify where ~/.nexo/server.py is installed and why a Python server is required when the package is distributed via npm. Inspect the Python code for network calls/telemetry and confirm the claim that data stays local.
- Backup your OpenClaw config before applying the change, or apply the MCP entry manually and review it. Consider testing inside an isolated environment (VM/container) first to observe file/system changes and network activity.
- If you need higher assurance, ask for a reproducible install log or a signed release; do not run npx as root and avoid exposing sensitive system credentials to this package until you verify it.
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis
OS: macOS · Linux
Bins: python3
Install
Install NEXO Brain (npm)
Bins: nexo, nexo-brain
npm i -g nexo-brain