Downloads: 500
Stars: 0
Active Installs: 0
Versions: 7
Install in OpenClaw
/install nexus-safe
Description
Provides local system health monitoring and controlled service restarts for Docker and PM2 with full privacy and zero external calls.
Usage Guidance
This skill appears to do what it says (local monitoring + policy-controlled restarts), but there are packaging and documentation gaps you should address before enabling it to perform restarts:
- Verify required binaries and env vars: _meta.json and monitor.py require docker, pm2, and NEXUS_SAFE_* environment variables. The registry metadata you were shown contradicted this — confirm which is authoritative and set ALLOWED lists explicitly.
- Keep restarts disabled by default: leave NEXUS_SAFE_ALLOW_RESTARTS unset/false until you’ve tested behavior in dry-run mode and reviewed audit.log entries in ~/.nexus-safe/audit.log.
- Test with dry-run: use the --dry-run option to confirm which commands the skill would execute and that the allowlist restricts restarts to the intended services.
- Inspect and control inputs: ensure any values passed as service names come from trusted sources (the code uses subprocess.run with argument lists, which mitigates shell injection, but validating service names is still good practice).
- Install deps manually from a trusted environment: pip install psutil from an environment you control; there is no installer bundled with the skill.
If you want higher assurance, ask the publisher to correct the registry metadata to list required binaries/env vars in the public manifest and to document explicit setup steps for the allowlists and enabling restarts.
Capability Analysis
Type: OpenClaw Skill
Name: nexus-safe
Version: 0.1.6
The OpenClaw skill 'nexus-safe' is designed for local system reliability, offering status checks, log retrieval, and policy-controlled service restarts. The `monitor.py` script uses `subprocess.run` with a list of arguments, which is safe against shell injection. Service names are validated against live system processes and explicit allowlists (`NEXUS_SAFE_ALLOWED_DOCKER`/`PM2`), significantly mitigating command injection risks. The skill enforces policies like logs-first and rate limiting. The `SKILL.md` and `AGENT_BRAIN.md` files provide clear, non-malicious instructions for the agent, focusing on safe and reasoned system management. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
The code (monitor.py) implements local health checks and policy-controlled Docker/PM2 restarts which match the skill description. However, the top-level registry metadata provided to you lists no required binaries or environment variables, while _meta.json and the code clearly expect docker, pm2, and several NEXUS_SAFE_* environment variables. That mismatch is unexpected and worth investigating.
Instruction Scope
SKILL.md and README clearly state the tool is 100% local and only requires network access during initial pip install of psutil; monitor.py performs only local operations (psutil metrics, docker/pm2 subprocess calls, and local state/audit file writes). The SKILL.md omits explicit guidance for the required env variables (their names appear only in code/_meta.json), which is a gap that could lead to misconfiguration.
Install Mechanism
This is instruction-only (no installer). It requires installing the psutil Python package with pip (internet required during setup). No downloads or archive extraction occur as part of an automated install spec included with the skill.
Credentials
The code expects several environment settings (NEXUS_SAFE_ALLOW_RESTARTS, NEXUS_SAFE_ALLOWED_DOCKER, NEXUS_SAFE_ALLOWED_PM2, etc.) which are proportionate to the stated capability (allowlists, enabling restarts). The concern is that the registry metadata initially presented to you said 'none' for required env vars/binaries while _meta.json contains them — this inconsistency could hide required configuration or lead to accidental enabling of privileged actions.
Persistence & Privilege
The skill requests local filesystem write/read under ~/.nexus-safe to store state and an audit log, which is reasonable for rate-limiting and auditing. It does not request network access, does not change other skills, and is not force-enabled (always:false).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install nexus-safe`
- After installation, invoke the skill by name or use `/nexus-safe`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.6
- Updated privacy policy for clearer runtime privacy guarantees and setup requirements.
- Improved documentation on system commands and enforced policies (logs-first, allowlisting, rate limiting).
- Refined installation instructions for clarity.
- No code changes; documentation only.
v0.1.5
nexus-safe 0.1.5 Changelog:
- Major documentation update: SKILL.md now emphasizes local-only operation and clarifies "log-first" enforcement.
- Improved environment variable guidance and configuration instructions.
- Updated command descriptions for clarity.
- Added explicit installation steps for dependencies (psutil, docker, pm2).
v0.1.4
Version 0.1.4 Changelog:
- Added AGENT_BRAIN.md to provide diagnostic protocol guidance for the Agent.
- Enhanced Agent logic to consult AGENT_BRAIN.md, shifting recovery actions from procedural to reasoning-based.
- Updated documentation for clarity on AI-driven diagnostics and usage.
- Retained core security measures: logs-first restart, allowlists, and strict rate-limiting.
v0.1.3
**Major security and policy updates in v0.1.3:**
- Introduced hard-coded security policies: restarts are denied by default, require explicit allowlisting, and are rate limited.
- Log check is enforced before service recovery; restarts require recent log review.
- Restart permissions and service allowlists are now managed via environment variables.
- All admin actions are now audited to a local logfile for traceability.
v0.1.2
v0.1.2 Update Summary: Documentation improvements for clarity, privacy, and safety.
- Clarified the agent's privacy: zero outbound network requests after install.
- Strengthened language on local operation and data sovereignty.
- Expanded capabilities section with detailed command behaviors.
- Added explicit requirements and installation notes, including offline operation post-install.
- Clarified recovery workflow safeguards to avoid infinite restart loops.
v0.1.1
- Added a README.md file to the project.
- Updated documentation to improve clarity and provide French-language instructions.
- Installation requirements now clearly specify `python3` and `psutil`.
- Usage protocols emphasize explicit log checks before service restarts.
- Security and local-only operational details have been made more prominent.
v0.1.0
Initial release of Nexus-Safe skill.
- Zero-trust, local-only system supervisor for enhanced security and privacy.
- Performs real-time CPU, RAM, and Disk usage audits.
- Monitors and provides status of Docker and PM2 services.
- Allows safe, context-aware service restarts with log inspection.
- All monitoring and reporting are strictly local; no external API calls.
- Simple usage with no external credentials required.
Frequently Asked Questions
What is Nexus Safe?
Provides local system health monitoring and controlled service restarts for Docker and PM2 with full privacy and zero external calls. It is an AI Agent Skill for Claude Code / OpenClaw, with 500 downloads so far.
How do I install Nexus Safe?
Run "/install nexus-safe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nexus Safe free?
Yes, Nexus Safe is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Nexus Safe support?
Nexus Safe is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Nexus Safe?
It is built and maintained by Marouane (@mrnsmh); the current version is v0.1.6.