Nexus Sentinel

by Marouane (mrnsmh) · GitHub · v0.1.3
cross-platform · ⚠ suspicious
559 downloads · 0 stars · 0 active installs · 3 versions
Install in OpenClaw: /install nexus-sentinel
Description
Autonomously monitors server health, optimizes resources, performs context-aware recovery, generates status reports, and triggers backups on critical file ch...
Usage Guidance
Do not install or provide real credentials to this skill yet. Actionable next steps:
  1. Ask the publisher to explain the metadata mismatch (registry listing omitted env/binary requirements) and to provide an authoritative install spec.
  2. Verify the external service at gateway.maton.ai (who runs it, privacy/security policies) before giving MATON_API_KEY.
  3. Fix/inspect code: sentinel.py has a runtime bug (calls undefined get_system_vitals) and the backup/upload flow is incomplete; request or perform a code review.
  4. Test in an isolated/staging environment with a limited, revocable credential and network monitoring (so you can see outbound calls).
  5. Prefer separate minimal credentials (distinct keys for notifications vs backups) and ensure backups are audited to exclude secrets.
If you cannot verify the gateway or the author, treat the skill as unsafe for production.
Capability Analysis
Type: OpenClaw Skill
Name: nexus-sentinel
Version: 0.1.3
The `sentinel.py` script contains a critical shell injection vulnerability in the `list_recent_errors` function. The `service_name` argument, derived from user input via `sys.argv[2]`, is directly used in `subprocess.run` commands for `docker logs` and `pm2 logs` without proper sanitization. This allows an attacker to execute arbitrary commands on the host system, leading to Remote Code Execution (RCE). While the `SKILL.md` documentation outlines security protocols and the code attempts to prevent sensitive file backups, the RCE vulnerability is a severe flaw that could be exploited for malicious purposes, classifying the skill as suspicious.
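A hardened version of the log lookup the analysis describes, as an added example that is not the skill's own code: the service name still comes from argv, but it is checked against an allowlist and handed to `subprocess.run` as an argument list, so no shell ever parses it. The allowlist regex, the `--tail`/`--lines` values and the injectable `runner` parameter are assumptions made for this illustration.

```python
import re
import subprocess

# Allowlist for docker container / pm2 process names (assumed policy, not
# taken from the skill): must start alphanumeric so it can never be parsed
# as a flag, and may contain only [A-Za-z0-9._-], so no shell metacharacters.
SERVICE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def validate_service_name(name: str) -> str:
    """Return name unchanged if it is a plain service identifier, else raise."""
    if not SERVICE_NAME_RE.fullmatch(name):
        raise ValueError(f"refusing unsafe service name: {name!r}")
    return name


def unsafe_log_command(service_name: str) -> str:
    """The pattern flagged in the analysis, kept only for contrast and never
    executed here: unvalidated argv text pasted into a single shell string,
    which lets shell metacharacters in the name run as extra commands."""
    return f"docker logs --tail 50 {service_name}"


def build_log_commands(service_name: str) -> list[list[str]]:
    """Hardened form: validate first, then pass every argument as its own
    argv element so the name reaches docker/pm2 as data, not as syntax."""
    name = validate_service_name(service_name)
    return [
        ["docker", "logs", "--tail", "50", name],
        ["pm2", "logs", name, "--lines", "50", "--nostream"],
    ]


def list_recent_errors(service_name: str, runner=subprocess.run) -> dict[str, str]:
    """Collect recent log output per tool without shell=True.

    `runner` is injectable so the control flow can be exercised on a box
    without docker or pm2; in production it is subprocess.run itself."""
    output = {}
    for argv in build_log_commands(service_name):
        proc = runner(argv, capture_output=True, text=True, timeout=30, check=False)
        output[argv[0]] = (proc.stdout or "") + (proc.stderr or "")
    return output


if __name__ == "__main__":
    import sys
    # Same call site as the skill (name taken from sys.argv[2]), now validated.
    for tool, text in list_recent_errors(sys.argv[2]).items():
        print(f"== {tool} ==\n{text}")
```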
Capability Assessment
Purpose & Capability
The stated purpose (autonomous SRE agent: monitoring, recovery, backups, notifications) aligns with the code (system vitals, log extraction, notify, backup_file) and the declared dependencies in _meta.json/SKILL.md (docker, pm2, tar, psutil, requests). However, the registry-level metadata presented to you earlier said "Required env vars: none" and "No required binaries", which contradicts _meta.json and SKILL.md. That mismatch is a packaging/metadata coherence problem and may hide unexpected requirements.
Instruction Scope
SKILL.md instructs the agent to run sentinel.py analyze before restarts, to avoid including .env/secrets in backups without explicit approval, and to install packages if missing, all reasonable for an SRE tool. Concerns:
  1. SKILL.md requires MATON_API_KEY, NEXUS_REPORT_CHANNEL, and NEXUS_BACKUP_PATH, but the registry listing omitted these, so the runtime will expect secrets the registry didn't advertise.
  2. The implementation references an external API gateway (https://gateway.maton.ai) for notifications/uploads, an external service not documented elsewhere.
  3. The code enforces a simplistic sensitive-file filter (pattern matching names like "key"/"token"), which is error-prone and could produce false negatives/positives.
  4. sentinel.py has a clear runtime bug: main() calls get_system_vitals() but only get_system_report() is defined, so status commands will crash.
Install Mechanism
There is no formal install spec (no downloads/install script) so risk of arbitrary remote code install is low. However the skill contains a Python file that expects local binaries (docker, pm2, tar, curl) and Python packages (psutil, requests) and instructs the agent to offer installing them. Suggesting or automating package installation increases risk if done without review. No external archives or short/unknown URLs are fetched by the skill itself, but it does call out to an external API gateway for network operations.
Credentials
The skill requires sensitive credentials (MATON_API_KEY) plus a WhatsApp target and a backup folder ID for uploading backups. Those are plausible for notifications and remote backups, but:
  1. The top-level registry showed no env requirements while SKILL.md/_meta.json do: inconsistent disclosure.
  2. A single MATON_API_KEY appears to be used both for WhatsApp relay and GDrive upload via a third-party gateway; combining capabilities under one credential increases risk if that gateway is compromised.
  3. The backup_file implementation never performs the upload in included code (returns status ready_for_upload), which leaves unclear how uploads actually occur and whether other secrets/paths would be used.
Persistence & Privilege
The skill does not request always:true and does not request unusual platform privileges. _meta.json declares filesystem read/write and outbound network plus commands (docker, pm2, tar) which match the claimed purpose. Autonomous invocation is allowed (platform default) but that, by itself, is expected for an autonomous SRE skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nexus-sentinel
  3. After installation, invoke the skill by name or use /nexus-sentinel
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
  - Version bump to 0.1.3 with no code or documentation changes.
  - No file changes detected in this release.
v0.1.2
  - Added a README.md file.
  - Major update to SKILL.md: refocused on critical security protocols and stricter backup rules.
  - Introduced a requirement for explicit user approval before backing up sensitive config files (like `.env`).
  - Reduced agent autonomy: automatic restarts are now rate-limited and require manual intervention after threshold.
  - Enhanced diagnostic steps: agent must analyze errors before attempting recovery actions.
  - Expanded configuration instructions and explicitly listed system and Python dependencies.
  - Revised and clarified available commands.
v0.1.0
Initial release of Nexus-Sentinel, the autonomous reliability engineer for servers:
  - Proactively optimizes servers by cleaning logs and temp files, analyzing errors, and handling multi-step recoveries.
  - Monitors key configuration files and triggers incremental Google Drive backups on detected changes.
  - Offers commands for server summaries, manual optimizations, deep diagnostics, and status dashboards.
  - Implements autonomous rules to manage disk and RAM pressure and regularly clean up unused Docker resources.
  - Supports optional configuration for report channels and backup paths.
Metadata
Slug: nexus-sentinel
Version: 0.1.3
License:
All-time Installs: 0
Active Installs: 0
Total Versions: 3
Frequently Asked Questions

What is Nexus Sentinel?

Autonomously monitors server health, optimizes resources, performs context-aware recovery, generates status reports, and triggers backups on critical file ch... It is an AI Agent Skill for Claude Code / OpenClaw, with 559 downloads so far.

How do I install Nexus Sentinel?

Run "/install nexus-sentinel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Nexus Sentinel free?

Yes, Nexus Sentinel is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Nexus Sentinel support?

Nexus Sentinel is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Nexus Sentinel?

It is built and maintained by Marouane (@mrnsmh); the current version is v0.1.3.
