Axioma Guard

What to consider before installing: - Source trust: The package has no homepage and an unknown owner. That increases risk—prefer skills from known authors or repositories. - External endpoints: The code contacts two endpoints: a default Clawdex at https://clawdex.koi.security/api/skill and a Merlin API at http://localhost:8001 (overridable via CLAWDEX_API and MERLIN_API env vars). If an attacker changes MERLIN_API to a remote host or if the default clawdex domain is malicious, the agent will send threat data to external services. Verify and restrict these endpoints before use. - Prompt-injection artifact: The SKILL.md contains unicode control character signals flagged by the scanner. Inspect the raw SKILL.md and remove/understand any hidden characters; they are unnecessary for normal operation. - Local filesystem access: The script enumerates ./skills (lists directories) to check installed skills. This is expected behavior for a scanner, but be aware it reads directory names and makes outbound requests per entry. - Mitigations if you still want to try it: - Run in an isolated environment (container or VM) with restricted network egress. - Set CLAWDEX_API to a trusted, reviewed endpoint and set MERLIN_API to a local/controlled service; avoid pointing MERLIN_API to unknown remote servers. - Review and run the Python source (clawguard.py) manually to verify behavior; check for hidden characters and unexpected code paths. - Avoid granting any credentials to the skill; it doesn't require tokens but be careful if you alter it to add auth. Given the unknown provenance and the prompt-injection signal, do not install this skill on production or highly-trusted agents until you have verified its code and endpoints. If you can confirm the Clawdex domain and author reputation, and run it in a sandbox with network controls, the functionality itself is coherent with its description.