← 返回 Skills 市场
Nexus — Ops OS for AI Agents
作者
karimsherifyehia
· GitHub ↗
· v1.0.5
· MIT-0
182
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install nexus
功能描述
Interact with Nexus, a multi-tenant Ops OS for ecommerce and retail businesses. Requires a NEXUS_API_KEY environment variable (agent API key with prefix nxs_...
安全使用建议
Do not install or enable this skill until you verify its provenance and correct the metadata mismatch. Specific actions to take before proceeding:
- Verify origin: ask the publisher for an authoritative homepage or repository and confirm the owner matches Nexus (the SKILL.md lists nexus-docs.aiforstartups.io but the package registry shows unknown source).
- Confirm registry metadata: ensure the skill entry declares NEXUS_API_KEY as a required env and that disable-model-invocation is set to true if you require manual approval for writes. The current package metadata contradicts the embedded SKILL.md.
- Only supply an agent API key (nxs_ak_...) created by an org admin; never supply a human JWT. Treat any anon PostgREST key as sensitive and avoid embedding it in shared runtimes.
- If you must test, run the skill in a tightly-scoped environment with limited org scope and audit logs enabled, and do not provide write-scoped keys until you are satisfied with behavior.
- Ask the vendor for signed packaging or a canonical registry entry (and for source code) so you can confirm there are no hidden behaviors. These inconsistencies suggest packaging or governance issues rather than obvious malice, but they should be resolved before trust is granted.
功能分析
Type: OpenClaw Skill
Name: nexus
Version: 1.0.5
The Nexus Agent skill is a legitimate integration for the Nexus operations platform, providing tools for CRM, order management, and messaging. It includes strong safety guidelines for the AI agent, such as restricting network calls to trusted domains (api.nexus.aiforstartups.io), enforcing a 'read-first' policy, and requiring explicit user confirmation for write operations. No indicators of malicious intent or data exfiltration were found in SKILL.md or api-reference.md.
能力评估
Purpose & Capability
SKILL.md and api-reference clearly define a Nexus agent that uses a single agent API key (NEXUS_API_KEY) and may optionally use an anon key for direct PostgREST access; those credentials are coherent with the stated purpose. However, the registry metadata provided with the skill (requirements/primary credential) does NOT list the required NEXUS_API_KEY or primary credential — a clear packaging/metadata mismatch that is unexpected and unexplained.
Instruction Scope
The runtime instructions are focused and verbosely constrain behavior: read-first by default, explicit confirmation required for writes, limited trusted domains (api.nexus.aiforstartups.io and nexus-docs.aiforstartups.io), and an exchange flow for agent JWTs. The api-reference contains direct PostgREST endpoints and exact DB column names, which is powerful but expected for an ops agent; it also increases the chance of accidental writes if confirmations are not enforced. Overall instructions are scoped to the product, but they permit low-level direct DB access (via anon key or JWT) which is sensitive.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing is downloaded or written by an installer. That reduces risk from arbitrary installs.
Credentials
The skill legitimately needs one primary secret (NEXUS_API_KEY) and optionally an anon PostgREST key for direct DB reads; that is proportionate. However, the registry metadata omitted these env declarations while SKILL.md declares them (metadata mismatch). Additionally, the presence of guidance about anon keys highlights the risk: anon keys and agent API keys must be treated as sensitive and only supplied by trusted runtimes. The skill's requests for sensitive keys are justified by purpose but demand careful runtime governance.
Persistence & Privilege
The SKILL.md intends the skill to be user-invocable only and explicitly sets disable-model-invocation (do not allow autonomous invocation) in its header metadata. The registry metadata earlier provided with the package shows default flags (disable-model-invocation: false), creating a mismatch that could allow autonomous agent invocation when the author intended to prohibit it. The skill is not flagged always:true, which is good, but the contradictory invocation flags are an important risk to resolve before installation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nexus - 安装完成后,直接呼叫该 Skill 的名称或使用
/nexus触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5
- Skill renamed to "nexus-agent" and description updated for clarity about agent authentication and supported operations.
- Now user-invocable only; disables autonomous or background actions by the AI, with a strong "read-first, write-gated" execution policy.
- All write operations (e.g., creating orders, updating contacts, sending messages) require explicit user confirmation.
- Updated and detailed credential handling: only reads the NEXUS_API_KEY environment variable, never human JWTs or unrelated secrets.
- Expanded policy and documentation for authentication, direct API, and MCP integration.
- New safety guidance: limits host calls to trusted Nexus domains only.
v1.0.4
- Added homepage and source URLs to metadata for easier discovery and reference.
- Updated environment variable declaration style from `credentials:` to `env:` for consistency.
- No changes to core functionality or API usage.
v1.0.3
- Added explicit credentials section detailing the required NEXUS_API_KEY variable.
- Clarified that API key must have prefix nxs_ak_, obtained via self-registration, and stored as an environment variable.
- No changes to functionality or APIs—documentation and metadata update only.
v1.0.2
- Simplified setup: Skill now requires the NEXUS_API_KEY environment variable, set by the user after self-registration.
- Clarified credential handling: No more reading from files; instead, prompt user for their API key if missing.
- Improved documentation: Instructions now focus on essential authentication steps and agent registration flow.
- Expanded triggers: Added support for queries about social media posts and content calendars.
- Reformatted tool descriptions and plan tiers for greater clarity and easier reading.
v1.0.1
**Changelog for nexus v1.0.1**
- Switched API base URL to https://api.nexus.aiforstartups.io/functions/v1 (no longer uses Supabase direct URL).
- Added self-registration flow for agents with `agent-register`.
- Credentials are now stored in `.nexus-credentials` and obtained via registration endpoint if missing.
- Updated authentication: only agent API key and JWT are required; Supabase anon key is deprecated.
- Expanded documentation on available MCP tools, including new social media and content calendar tools.
- Clarified plan limits, scopes, and integration guidelines.
v1.0.0
Nexus Agent Skill v1.0.0
- Initial release.
- Provides AI agent integration for Nexus multi-tenant Ops OS.
- Supports agent authentication via API key exchange, CRM contact management, omnichannel messaging, order/inventory/warehouse operations, shipping, VoIP, and analytics.
- Outlines preferred integration path (MCP server), with direct API fallback.
- Documents available API endpoints, scopes, workflows, and core operations.
元数据
常见问题
Nexus — Ops OS for AI Agents 是什么?
Interact with Nexus, a multi-tenant Ops OS for ecommerce and retail businesses. Requires a NEXUS_API_KEY environment variable (agent API key with prefix nxs_... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 182 次。
如何安装 Nexus — Ops OS for AI Agents?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nexus」即可一键安装,无需额外配置。
Nexus — Ops OS for AI Agents 是免费的吗?
是的,Nexus — Ops OS for AI Agents 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nexus — Ops OS for AI Agents 支持哪些平台?
Nexus — Ops OS for AI Agents 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nexus — Ops OS for AI Agents?
由 karimsherifyehia(@karimsherifyehia)开发并维护,当前版本 v1.0.5。
推荐 Skills