nexua-ai
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill's Nexus functions are mostly purpose-aligned, but the skill can publish content and retrieve phone-linked reports through external APIs whose authentication, confirmation, and credential handling are unclear.
Review this skill before installing. Only use it if you trust the Nexus endpoints, confirm any publish action before it is sent, and avoid querying reports for phone numbers you do not own. The developer should clarify the authentication model and fix the mismatch between the documented JWT token and the included code.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too eagerly, the agent could publish user-provided or misunderstood content to Nexus without a clear final approval step.
The script can publish a resource/job/event to the Nexus API using supplied phone, title, and content, but the artifacts do not require an explicit final confirmation, preview, or reversal path before the mutation.
url = f'{NEXUS_BASE}/job/open-claw-create-job?{params}' ... req = urllib.request.Request(url, headers={'Content-Type': 'application/json'}, method='POST')
Require an explicit user confirmation with a preview of phone, title, content, label, and destination before calling the publish endpoint, and document how to edit or remove a published item.
A phone-linked Nexus report may be retrieved for a number without the artifacts showing how the requester is verified.
The report lookup sends only a phone number to retrieve a usage report; the included client code shows no token, login, or ownership proof, even though the feature is described as querying personal usage data.
url = f'{NEXUS_BASE}/summary/content_by_phone?phone={phone}'
Use a documented authentication or ownership check for report access, and instruct the agent to query reports only for a phone number the user explicitly confirms they control.
Users may believe publishing is protected by a JWT-based identity boundary when the reviewed implementation does not show that protection.
The documentation says a JWT token is required and automatically read from scripts/token.txt, but the registry metadata declares no credentials/config paths and the included script does not read or send such a token.
`token` | JWT authentication token (stored in `scripts/token.txt`, read automatically)
Align the documentation, metadata, and code: either implement and declare the token handling with clear scope, or remove the token claim and explain the actual authorization model.
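Added example, not the skill's own code, combining the fixes recommended for the publish finding and the token finding above: the publish request is built only after the user approves a preview of phone, title, content, label and destination, and the JWT is read from the documented scripts/token.txt and sent with the request. The placeholder NEXUS_BASE host, the Bearer header scheme, the query-parameter names and the helper names are assumptions.

```python
import os
import urllib.parse
import urllib.request
from typing import Callable, Optional

# Placeholder host (assumption): the real NEXUS_BASE value is not on the page.
NEXUS_BASE = os.environ.get("NEXUS_BASE", "https://nexus.example.invalid")
TOKEN_PATH = os.path.join("scripts", "token.txt")  # location the SKILL.md documents
PUBLISH_PATH = "/job/open-claw-create-job"         # endpoint quoted in the finding


def load_token(path: str = TOKEN_PATH) -> str:
    """Read the JWT the docs describe and refuse to publish without it."""
    try:
        with open(path, encoding="utf-8") as f:
            token = f.read().strip()
    except FileNotFoundError:
        raise RuntimeError(f"no token at {path}; refusing to publish unauthenticated")
    if not token:
        raise RuntimeError(f"{path} is empty; refusing to publish unauthenticated")
    return token


def build_preview(phone: str, title: str, content: str, label: str) -> str:
    """Show the user exactly what would be sent, including the destination."""
    return (f"Destination: {NEXUS_BASE}{PUBLISH_PATH}\nPhone: {phone}\n"
            f"Title: {title}\nLabel: {label}\nContent: {content}")


def build_publish_request(phone: str, title: str, content: str, label: str,
                          token: str) -> urllib.request.Request:
    """Construct (not send) the POST, keeping the page's query-string form."""
    params = urllib.parse.urlencode(
        {"phone": phone, "title": title, "content": content, "label": label})
    return urllib.request.Request(
        f"{NEXUS_BASE}{PUBLISH_PATH}?{params}", method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})  # Bearer scheme assumed


def publish_with_confirmation(
        phone: str, title: str, content: str, label: str,
        confirm: Callable[[str], bool],
        send: Callable[[urllib.request.Request], object] = urllib.request.urlopen,
        token_path: str = TOKEN_PATH) -> Optional[object]:
    """Gate the mutation: nothing is sent unless the user approves the preview."""
    token = load_token(token_path)  # fail before prompting if credentials are missing
    if not confirm(build_preview(phone, title, content, label)):
        return None
    return send(build_publish_request(phone, title, content, label, token))
```

The `confirm` callback is where the agent surfaces the preview and waits for an explicit yes; the `send` parameter lets the request be inspected in tests without any network access.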
Questions and any personal details included in them may be processed by an external AI service.
The RAG search feature sends the user's query plus optional identity/session information to an external AI endpoint, which is purpose-aligned but should be visible to users.
RAG_URL = 'https://ai.hydts.cn/ai/rag-stream' ... payload = {'query': query, 'mod': 'coze', 'identity': identity or 'default', 'intelligent_agent': '7615042672550068270'}
Tell users before sending sensitive questions to the RAG endpoint, and avoid including private personal or business data unless necessary.
