Nexus Sentinel

The stated purpose (autonomous SRE agent: monitoring, recovery, backups, notifications) aligns with the code (system vitals, log extraction, notify, backup_file) and the declared dependencies in _meta.json/SKILL.md (docker, pm2, tar, psutil, requests). However the registry-level metadata presented to you earlier said "Required env vars: none" and "No required binaries" which contradicts _meta.json and SKILL.md. That mismatch is a packaging/metadata coherence problem and may hide unexpected requirements.

SKILL.md instructs the agent to run sentinel.py analyze before restarts, to avoid including .env/secrets in backups without explicit approval, and to install packages if missing — all reasonable for an SRE tool. Concerns: (1) SKILL.md requires MATON_API_KEY, NEXUS_REPORT_CHANNEL, and NEXUS_BACKUP_PATH but the registry listing omitted these, so the runtime will expect secrets the registry didn't advertise; (2) the implementation references an external API gateway (https://gateway.maton.ai) for notifications/uploads — an external service not documented elsewhere; (3) the code enforces a simplistic sensitive-file filter (pattern matching names like "key"/"token") which is error-prone and could produce false negatives/positives; (4) the sentinel.py has a clear runtime bug: main() calls get_system_vitals() but only get_system_report() is defined, so status commands will crash.

There is no formal install spec (no downloads/install script) so risk of arbitrary remote code install is low. However the skill contains a Python file that expects local binaries (docker, pm2, tar, curl) and Python packages (psutil, requests) and instructs the agent to offer installing them. Suggesting or automating package installation increases risk if done without review. No external archives or short/unknown URLs are fetched by the skill itself, but it does call out to an external API gateway for network operations.

The skill requires sensitive credentials (MATON_API_KEY) plus a WhatsApp target and a backup folder ID for uploading backups. Those are plausible for notifications and remote backups, but: (1) the top-level registry showed no env requirements while SKILL.md/_meta.json do — inconsistent disclosure; (2) a single MATON_API_KEY appears to be used both for WhatsApp relay and GDrive upload via a third-party gateway — combining capabilities under one credential increases risk if that gateway is compromised; (3) the backup_file implementation never performs the upload in included code (returns status ready_for_upload), which leaves unclear how uploads actually occur and whether other secrets/paths would be used.

The skill does not request always:true and does not request unusual platform privileges. _meta.json declares filesystem read/write and outbound network plus commands (docker, pm2, tar) which match the claimed purpose. Autonomous invocation is allowed (platform default) but that, by itself, is expected for an autonomous SRE skill.