← 返回 Skills 市场

nexua-ai

Name: nexua-ai
Author: songsh66

作者 songsh66 · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

121

总下载

当前安装

版本数

在 OpenClaw 中安装

/install nexus-ai

功能描述

Nexus 小程序统一智能助手。整合发布资源/岗位/活动、查询使用报告、智能问答三大功能。当用户说「发布资源/岗位/活动/招聘」「查询 nexus 总结/使用报告/AI使用报告」或询问资源/人、搜索信息时使用此技能。

安全使用建议

Key things to check before installing or enabling this skill: - Documentation mismatch: SKILL.md says a JWT token is stored in scripts/token.txt and that token is required for posting, but scripts/nexus_ai.py does not read token.txt or send a token. Ask the author which is correct. If a token is actually required, confirm how it will be provided and stored and inspect scripts/token.txt for sensitive data. - Third‑party data flow: The 'ask' feature posts user queries to https://ai.hydts.cn. If you will send user content (including phone numbers or private text), understand that those queries go to that external service. If privacy of queries is important, do not enable the RAG feature until you verify the provider's privacy/security posture or remove that call. - File path inconsistencies: SKILL.md references a Windows QR image path; the script expects scripts/nexus_qr.png. Confirm that the expected QR image exists where the script expects it, and that no unexpected file reads/writes occur. - Test safely: Run the script in a sandbox or isolated environment first. Use non-sensitive test phone numbers and dummy content to observe network behavior (which endpoints are called and what payloads are sent). Monitor network to verify whether any token or other secret is transmitted unexpectedly. - Ask for clarifications or fixes: Request an updated SKILL.md that matches the code (or updated code that matches the docs). Specifically ask whether an auth token is required and where it should come from, and ask the author to document privacy implications of the RAG endpoint. Overall: the skill appears to implement the advertised features, but the documentation/code inconsistencies and the use of an external RAG service justify caution (suspicious).

功能分析

Type: OpenClaw Skill Name: nexus-ai Version: 1.0.1 The skill bundle provides a legitimate interface for the Nexus-AI service, allowing users to post job listings, query usage reports, and interact with a RAG-based Q&A system. The Python script (scripts/nexus_ai.py) uses standard libraries to communicate with specific backend endpoints (tcloudbase.com and hydts.cn) and does not exhibit any signs of data exfiltration, unauthorized execution, or obfuscation.

能力评估

ℹ Purpose & Capability

The described capabilities (post resource, query reports, RAG search) match the network endpoints and functions implemented in scripts/nexus_ai.py (calls to nexus-saas...sh.run.tcloudbase.com and ai.hydts.cn). That is consistent. However the SKILL.md claims a JWT token is stored in scripts/token.txt and required for posting, but the script does not read or send any token parameter. The SKILL.md also references a Windows QR file path (C:\Users\Songsh\.qclaw\workspace\nexus_report_template.png) while the script uses scripts/nexus_qr.png. These inconsistencies reduce confidence that the documentation and implementation are aligned.

⚠ Instruction Scope

SKILL.md instructs the agent to use a token from scripts/token.txt and to attach a token parameter for posting, but the included script never reads token.txt nor sends a token. SKILL.md and the script disagree about the QR image path. The instructions direct network calls to two external services (the Nexus SaaS endpoint and a third‑party RAG service at ai.hydts.cn); the SKILL.md does not call out privacy implications of sending user queries to a third party. The agent is not instructed to access any unrelated local files or env vars, but the token mismatch is problematic (either documentation is stale or code is missing authentication handling).

✓ Install Mechanism

No install spec; this is an instruction + single script file. No packages are downloaded or written to disk by an installer. Risk from install mechanism is low.

ℹ Credentials

The skill declares no required environment variables or credentials, which is appropriate for the visible code. But the SKILL.md claims a JWT token in scripts/token.txt and a Windows report template path; those are not reflected in requires.env and are inconsistent with the script. Also, the script sends user phone numbers and queries to remote endpoints (including ai.hydts.cn), which may be sensitive — lack of declared credential/consent handling is a privacy consideration.

✓ Persistence & Privilege

always is false and there is no claim that the skill modifies other skills or system settings. It does not request elevated or persistent platform privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install nexus-ai
安装完成后，直接呼叫该 Skill 的名称或使用 /nexus-ai 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Removed the scripts/token.txt file. - Updated API endpoint for resource posting to nexus-saas-45653-8-1317958785.sh.run.tcloudbase.com. - Updated documentation to remove the requirement for token.txt for authentication details. - Minor updates to the usage instructions and requirements.

v1.0.0

Nexus-AI 1.0.0 初始版本上线 - 集成三大核心功能：资源/岗位/活动发布、使用报告查询、智能问答（RAG 搜索） - 支持通过命令行界面一键操作 - 自动识别内容类型并分配标签 - 查询报告时可获得纯文本总结及二维码图片附件 - 智能问答支持个性化身份标识与会话上下文

元数据

Slug nexus-ai

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

nexua-ai 是什么？

Nexus 小程序统一智能助手。整合发布资源/岗位/活动、查询使用报告、智能问答三大功能。当用户说「发布资源/岗位/活动/招聘」「查询 nexus 总结/使用报告/AI使用报告」或询问资源/人、搜索信息时使用此技能。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 121 次。

如何安装 nexua-ai？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nexus-ai」即可一键安装，无需额外配置。

nexua-ai 是免费的吗？

是的，nexua-ai 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

nexua-ai 支持哪些平台？

nexua-ai 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 nexua-ai？

由 songsh66（@songsh66）开发并维护，当前版本 v1.0.1。