Nova App Builder
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for building and deploying Nova apps, but it asks for real deployment credentials and uses broad development defaults that users should review.
This skill looks appropriate for its stated purpose. Before installing or using it, make sure you trust the Nova Platform workflow, use least-privilege Nova and GitHub credentials, review any self-update, and narrow the generated app’s egress settings before production use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these credentials are over-scoped or mishandled, the agent could create deployments or modify repository contents beyond what the user intended.
The skill asks for credentials that can mutate a Nova account and push to a GitHub repository. The requested access is disclosed and aligned with the deploy workflow, but it is still high-impact authority.
Nova account + API key... GitHub repo + GitHub PAT... Required permissions: Contents (Read & Write), Metadata (Read)
Use fine-grained, repo-specific GitHub tokens and a Nova API key intended for this deployment; revoke or rotate them after use if they are no longer needed.
Running the deploy script can create cloud resources, trigger builds, start deployments, and possibly register on-chain state.
The deployment helper performs real account-changing API operations. These actions fit the skill purpose and the optional on-chain path is described as prompted, but they should not be run casually.
Workflow:\n 1. POST /api/apps ...\n 2. POST /api/apps/{sqid}/builds ...\n 4. POST /api/apps/{sqid}/deployments ...\n 6. (optional, prompted) On-chain registrationReview the target repository, app name, network, and on-chain options before allowing the agent to run deployment commands.
A deployed app may be able to contact arbitrary domains unless the user narrows the egress allowlist.
The default generated Nova app configuration permits outbound connections to all domain names. This is disclosed-style configuration rather than hidden behavior, but it is broad for a TEE app.
"egress_allow": ["**"]
Set a minimal egress allowlist for production deployments, allowing only the domains or IPs the app actually needs.
Updating may replace the reviewed artifact with newer instructions or code that were not part of this scan.
The skill recommends updating itself from ClawHub before use. This is visible to the user, but it can change the reviewed skill version before the workflow runs.
Ensure skill is up to date before starting:\n```bash\nclawhub update nova-app-builder\n```
Only update from a trusted registry, and re-review the new version before letting it handle credentials or deployments.
During local testing, signing, KMS, or storage calls could go to the remote mock service instead of an in-enclave local service.
The local development default sends Odyn API calls to a remote HTTP mock endpoint when IN_ENCLAVE is false. This is disclosed as mock-mode plumbing, but users should avoid sending secrets through it.
ODYN_BASE = "http://127.0.0.1:18000" if IN_ENCLAVE else "http://odyn.sparsity.cloud:18000"
Do not use real secrets or production data in local mock mode; verify IN_ENCLAVE and Odyn endpoint settings before production deployment.