
Add SafeSkill security badge (65/100 — Use with Caution)#13

Closed
OyaAIProd wants to merge 1 commit into wazionapps:main from OyaAIProd:safeskill-scan-1774780379879

Conversation

@OyaAIProd

🟠 SafeSkill Security Scan Results

Metric          Value
Overall Score   65/100 (Use with Caution)
Code Score      67/100
Content Score   81/100
Findings        170 findings detected (30 critical)
Taint Flows     87
Files Scanned   5
Scan Duration   1.7s

Top Findings

  • 🔴 critical: Accesses sensitive system path (bin/nexo-brain.js:890)
  • 🔴 critical: Imports child_process module (bin/nexo-brain.js:17)
  • 🔴 critical: Spawns child process (bin/nexo-brain.js:45)
  • 🔴 critical: Spawns child process (bin/nexo-brain.js:241)
  • 🔴 critical: Spawns child process (bin/nexo-brain.js:248)

View full report on SafeSkill


This PR was automatically generated by SafeSkill — the security scanner for AI tools and MCP servers.

@wazionapps (Owner)

Thanks for the scan! However, I'm closing this PR for the following reasons:

The critical findings are expected behavior for a CLI tool:

  • child_process imports and spawns: NEXO Brain is a Node.js CLI that orchestrates AI agents. Spawning processes is its core functionality, not a vulnerability.
  • Accesses sensitive system path: the tool reads ~/.nexo/ (its own data directory) by design.

Score context: A 65/100 "Use with Caution" badge would misrepresent the project's security posture. These findings are architectural decisions, not security flaws. A CLI tool that cannot spawn processes or access the filesystem would not be able to function.

We appreciate automated security scanning but believe this badge would confuse users. If SafeSkill adds context-aware scanning that distinguishes between CLI tools and web services, we would be happy to revisit.

@wazionapps wazionapps closed this Mar 29, 2026