Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NEXO Brain

v3.0.2

Cognitive memory system for AI agents — Atkinson-Shiffrin memory model, semantic RAG, trust scoring, and metacognitive error prevention. Gives your agent per...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (persistent cognitive memory) align with the runtime instructions (install package, run a local MCP server, store SQLite DBs under ~/.nexo). However, metadata/instructions mix Node and Python: the installer is an npm package (nexo-brain) but required binaries list only python3 (node/npm is not declared even though installation and created binaries imply Node). This mismatch is unexplained and worth verifying.
Instruction Scope
SKILL.md instructs running 'npx nexo-brain' (which executes code from the npm registry) and adding an MCP server that runs a Python script at ~/.nexo/server.py. The instructions modify the OpenClaw config (~/.openclaw/openclaw.json) and create on-disk state (~/.nexo, two SQLite DBs). The skill claims 'Everything stays local' but provides no verifiable steps to prevent telemetry or outbound network access; because npx can run arbitrary install/startup scripts, this is a scope risk.
Install Mechanism
Install uses the public npm package 'nexo-brain' (moderate risk class). npm packages can run install/start scripts and drop arbitrary files (including a Python server). Using npx to run the package executes remote code immediately. The install source is a common registry (not an arbitrary URL), but the lack of node/npm in declared requirements and no code included in the skill bundle prevents local verification prior to execution.
Credentials
The skill does not request credentials or external API keys and uses only local paths (NEXO_HOME -> ~/.nexo, OpenClaw config). No unrelated environment variables or secrets are demanded in SKILL.md. That said, the MCP server process will have access to any files under ~/.nexo and whatever the OpenClaw gateway user privileges allow.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill instructs writing a persistent service and databases under ~/.nexo and modifying the agent's config (~/.openclaw/openclaw.json) to register an MCP server — this is expected for a local memory service, but it is a persistent presence that will be started by the gateway and thus increases blast radius if the installed code is malicious.
What to consider before installing
Before installing:
1) Verify the npm package and its publisher (npm page, GitHub repo) and inspect the package contents—especially any scripts that run on install or a server script at ~/.nexo/server.py.
2) Prefer downloading and inspecting the package locally (or audit its repository) rather than running npx blindly; npx executes remote code immediately.
3) Confirm that the package truly keeps data local (search for network calls or telemetry in the package code).
4) Consider installing and running it in an isolated environment (container or VM) first.
5) Note the metadata mismatch: node/npm is required by the install but not declared in required binaries—ask the author for clarification or request a signed release or reproducible install steps if you need higher assurance.

Like a lobster shell, security has layers — review code before you run it.

latest: vk972m5g3g7f7b70kqfem31sekn84cvtp

Runtime requirements

🧠 Clawdis
OS: macOS · Linux
Bins: python3

Install

Install NEXO Brain (npm)
Bins: nexo, nexo-brain
npm i -g nexo-brain
