Axioma Guard Ultimate

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is generally aligned with security/quality checking, but it includes an overbroad permanent deletion script and depends on undeclared local helper scripts.

Use this only as a manual, reviewed tool. Verify the companion scanner/evaluator paths before trusting results, and avoid the destroy command unless you are certain the target path is correct and backed up.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or user passes the wrong path, this can permanently delete local files or directories.

Why it was flagged

The script accepts an arbitrary first argument as the target path, moves it, and then recursively deletes it after only a --confirm flag, with no check that it is actually a ClawHub skill or recoverable backup.

Skill content

skill_path = sys.argv[1] ... shutil.move(skill_path, quarantine_path) ... shutil.rmtree(quarantine_path)

Recommendation

Do not run destroy.py unless you have verified the exact path and have backups. The maintainer should restrict deletion to a known skills directory, add dry-run and interactive confirmation, and prefer quarantine without immediate deletion.

What this means

The skill may fail on other machines or run whatever code exists at those local paths if present.

Why it was flagged

Core functionality is delegated to hard-coded local companion skill paths rather than bundled or declared dependencies, so the actual scanner/evaluator code is outside this artifact set.

Skill content

guard_path = "/media/ezekiel/Merlin/.openclaw/workspace/skills/axioma-guard" ... eval_path = "/media/ezekiel/Merlin/.openclaw/workspace/skills/axioma-skill-evaluator"

Recommendation

Verify and install the companion tools separately before use. The maintainer should declare dependencies, avoid user-specific absolute paths, and pin or bundle reviewed helper versions.

What this means

A user might over-trust the result even if the main security helper did not actually run.

Why it was flagged

The script visibly warns when a scanner is missing, but still ends with a generic completion banner, which could be mistaken for a complete security check.

Skill content

print("⚠️ merlin-guard.py not found at", guard_script) ... print("CHECK COMPLETE")

Recommendation

Treat missing-helper warnings as a failed scan. The maintainer should fail closed or clearly report an incomplete result.