← 返回 Skills 市场

Nexus Safe

Name: Nexus Safe
Author: mrnsmh

作者 Marouane · GitHub ↗ · v0.1.6

cross-platform ⚠ suspicious

500

总下载

当前安装

版本数

在 OpenClaw 中安装

/install nexus-safe

功能描述

Provides local system health monitoring and controlled service restarts for Docker and PM2 with full privacy and zero external calls.

安全使用建议

This skill appears to do what it says (local monitoring + policy-controlled restarts), but there are packaging and documentation gaps you should address before enabling it to perform restarts: - Verify required binaries and env vars: _meta.json and monitor.py require docker, pm2, and NEXUS_SAFE_* environment variables. The registry metadata you were shown contradicted this — confirm which is authoritative and set ALLOWED lists explicitly. - Keep restarts disabled by default: leave NEXUS_SAFE_ALLOW_RESTARTS unset/false until you’ve tested behavior in dry-run mode and reviewed audit.log entries in ~/.nexus-safe/audit.log. - Test with dry-run: use the --dry-run option to confirm which commands the skill would execute and that the allowlist protects only intended services. - Inspect and control inputs: ensure any values passed as service names come from trusted sources (the code uses subprocess.run with argument lists, which mitigates shell injection, but validating service names is still good practice). - Install deps manually from a trusted environment: pip install psutil from an environment you control; there is no installer bundled with the skill. If you want higher assurance, ask the publisher to correct the registry metadata to list required binaries/env vars in the public manifest and to document explicit setup steps for the allowlists and enabling restarts.

功能分析

Type: OpenClaw Skill Name: nexus-safe Version: 0.1.6 The OpenClaw skill 'nexus-safe' is designed for local system reliability, offering status checks, log retrieval, and policy-controlled service restarts. The `monitor.py` script uses `subprocess.run` with a list of arguments, which is safe against shell injection. Service names are validated against live system processes and explicit allowlists (`NEXUS_SAFE_ALLOWED_DOCKER`/`PM2`), significantly mitigating command injection risks. The skill enforces policies like logs-first and rate limiting. The `SKILL.md` and `AGENT_BRAIN.md` files provide clear, non-malicious instructions for the agent, focusing on safe and reasoned system management. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent.

能力评估

ℹ Purpose & Capability

The code (monitor.py) implements local health checks and policy-controlled Docker/PM2 restarts which match the skill description. However, the top-level registry metadata provided to you lists no required binaries or environment variables, while _meta.json and the code clearly expect docker, pm2, and several NEXUS_SAFE_* environment variables. That mismatch is unexpected and worth investigating.

ℹ Instruction Scope

SKILL.md and README clearly state the tool is 100% local and only requires network access during initial pip install of psutil; monitor.py performs only local operations (psutil metrics, docker/pm2 subprocess calls, and local state/audit file writes). The SKILL.md omits explicit guidance for the required env variables (their names appear only in code/_meta.json), which is a gap that could lead to misconfiguration.

✓ Install Mechanism

This is instruction-only (no installer). It requires installing the psutil Python package with pip (internet required during setup). No downloads or archive extraction occur as part of an automated install spec included with the skill.

⚠ Credentials

The code expects several environment settings (NEXUS_SAFE_ALLOW_RESTARTS, NEXUS_SAFE_ALLOWED_DOCKER, NEXUS_SAFE_ALLOWED_PM2, etc.) which are proportionate to the stated capability (allowlists, enabling restarts). The concern is that the registry metadata initially presented to you said 'none' for required env vars/binaries while _meta.json contains them — this inconsistency could hide required configuration or lead to accidental enabling of privileged actions.

✓ Persistence & Privilege

The skill requests local filesystem write/read under ~/.nexus-safe to store state and an audit log, which is reasonable for rate-limiting and auditing. It does not request network access, does not change other skills, and is not force-enabled (always:false).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install nexus-safe
安装完成后，直接呼叫该 Skill 的名称或使用 /nexus-safe 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.6

- Updated privacy policy for clearer runtime privacy guarantees and setup requirements. - Improved documentation on system commands and enforced policies (logs-first, allowlisting, rate limiting). - Refined installation instructions for clarity. - No code changes; documentation only.

v0.1.5

## nexus-safe 0.1.5 Changelog - Major documentation update: SKILL.md now emphasizes local-only operation and clarifies "log-first" enforcement. - Improved environment variable guidance and configuration instructions. - Updated command descriptions for clarity. - Added explicit installation steps for dependencies (psutil, docker, pm2).

v0.1.4

Version 0.1.4 Changelog: - Added AGENT_BRAIN.md to provide diagnostic protocol guidance for the Agent. - Enhanced Agent logic to consult AGENT_BRAIN.md, shifting recovery actions from procedural to reasoning-based. - Updated documentation for clarity on AI-driven diagnostics and usage. - Retained core security measures: logs-first restart, allowlists, and strict rate-limiting.

v0.1.3

**Major security and policy updates in v0.1.3:** - Introduced hard-coded security policies: restarts are denied by default, require explicit allowlisting, and are rate limited. - Log check is enforced before service recovery; restarts require recent log review. - Restart permissions and service allowlists are now managed via environment variables. - All admin actions are now audited to a local logfile for traceability.

v0.1.2

v0.1.2 Update Summary: Documentation improvements for clarity, privacy, and safety. - Clarified the agent's privacy: zero outbound network requests after install. - Strengthened language on local operation and data sovereignty. - Expanded capabilities section with detailed command behaviors. - Added explicit requirements and installation notes, including offline operation post-install. - Clarified recovery workflow safeguards to avoid infinite restart loops.

v0.1.1

- Added a README.md file to the project. - Updated documentation to improve clarity and provide French-language instructions. - Installation requirements now clearly specify `python3` and `psutil`. - Usage protocols emphasize explicit log checks before service restarts. - Security and local-only operational details have been made more prominent.

v0.1.0

Initial release of Nexus-Safe skill. - Zero-trust, local-only system supervisor for enhanced security and privacy. - Performs real-time CPU, RAM, and Disk usage audits. - Monitors and provides status of Docker and PM2 services. - Allows safe, context-aware service restarts with log inspection. - All monitoring and reporting are strictly local; no external API calls. - Simple usage with no external credentials required.

元数据

Slug nexus-safe

版本 0.1.6

许可证 —

累计安装 0

当前安装数 0

历史版本数 7

常见问题

Nexus Safe 是什么？

Provides local system health monitoring and controlled service restarts for Docker and PM2 with full privacy and zero external calls. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 500 次。

如何安装 Nexus Safe？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nexus-safe」即可一键安装，无需额外配置。

Nexus Safe 是免费的吗？

是的，Nexus Safe 完全免费（开源免费），可自由下载、安装和使用。

Nexus Safe 支持哪些平台？

Nexus Safe 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Nexus Safe？

由 Marouane（@mrnsmh）开发并维护，当前版本 v0.1.6。