Axiomata Kan Creator

Review

Audited by ClawScan on May 13, 2026.

Overview

This skill is mostly a local model-file generator, but it has unbounded file/code generation inputs and its KAN capability claims do not match the reviewed implementation.

Review before installing. If you use it, run it only in a dedicated disposable workspace, use safe alphanumeric names, inspect generated Python before running it, and do not rely on the B-spline KAN or NaN-free guarantees without independent validation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malformed or malicious name could cause the agent to create or overwrite files outside the intended project directory using the current user's permissions.

Why it was flagged

The user-controlled KAN name is used directly as a directory and filename component, and files are opened for writing without visible sanitization, path normalization, overwrite protection, or confinement.

Skill content

kan_dir = output_dir / name ... config_path = kan_dir / "config.json" ... model_path = models_dir / f"{name}_kan.py" ... open(..., "w")

Recommendation

Only run it in a dedicated workspace with simple slug-style names, and update the script to reject absolute paths, '..', path separators, and existing output files unless the user explicitly confirms.

What this means

If untrusted text is used as the model name or role, it may be possible to generate a Python model file containing unintended executable code.

Why it was flagged

Raw CLI-provided strings are interpolated into a generated Python file. Because those strings appear inside Python source, quote-breaking input could alter the generated code that may later be imported or executed.

Skill content

model_code = KAN_MODEL_TEMPLATE.replace("{name}", name).replace("{role}", role).replace("{arch_str}", arch_str) ... f.write(model_code)

Recommendation

Escape user strings before inserting them into Python source, use repr/json serialization for generated literals, and validate generated files before importing or running them.

What this means

A user could rely on generated models for monitoring or evaluation under the mistaken belief that they implement the documented B-spline KAN architecture.

Why it was flagged

This implementation statement conflicts with SKILL.md's stronger claim that the skill provides learnable B-spline KAN basis functions. Users may overtrust the generated model as a true KAN control/evaluation component.

Skill content

Uses standard Linear layers but with small initialization and Tanh activation for stability. The "KAN" aspect comes from the architecture design

Recommendation

Clarify the documentation or implement the promised B-spline basis layers, and avoid unsupported assurances such as guaranteed NaN-free training.

What this means

Installation may fail or behave differently depending on the user's Python and PyTorch environment.

Why it was flagged

The skill requires a local Python/PyTorch runtime and script execution, while the registry metadata lists no required binaries and no install spec. This is expected for a model generator but should be disclosed more clearly.

Skill content

Requires PyTorch >= 1.9 ... python3 scripts/kan_creator.py --name my_kan --role "monitoring"

Recommendation

Declare Python/PyTorch requirements in registry metadata or provide a pinned, reviewable setup path.