Axioma Skill Evaluator Strict 90%

Pass

Audited by ClawScan on May 8, 2026.

Overview

This appears to be a local skill-quality checker, not malware, but users should run it carefully because it executes Python over local skill files and includes optional broad/improvement modes.

This skill is reasonable for local, structural skill-quality checks. Before installing or running it, confirm the Python dependencies, avoid giving it credentials, run it on a copy of the target skill, and use '--improve' or '--all' only after you understand whether it writes changes. Treat its 90% approval as a quality signal, not as a guarantee that a skill is safe or production-ready.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill executes local scripts on your machine and reads the target skill directory.

Why it was flagged

The skill is intended to run bundled Python code against a user-specified local skill directory. This is disclosed and purpose-aligned, but it still executes local code and reads local files.

Skill content

python3 axiomata-skill-evaluator-strict/evaluator.py <skill-path> --verbose

Recommendation

Run it only from the reviewed package, preferably in a disposable workspace or sandbox, and inspect any dependencies before use.

What this means

If used with broad or improvement options, it may process many local skill directories and could potentially change files depending on the improvement implementation.

Why it was flagged

The evaluator supports a broad '--all' mode and an optional '--improve' mode tied to a hardcoded skills directory. This appears user-directed, but it broadens the scope beyond a single skill.

Skill content

python3 evaluator.py --all [--improve]
SKILL_DIR = Path("/media/ezekiel/Morgana/skills")

Recommendation

Run without '--improve' first, avoid '--all' unless intended, keep backups, and review any diffs or generated reports before accepting changes.

What this means

The tool may fail until dependencies are installed, and users may need to decide where to obtain those packages.

Why it was flagged

The script imports the external PyYAML package, while the registry lists no install spec or required binaries. This is a setup/provenance gap, not evidence of malicious behavior.

Skill content

import yaml

Recommendation

Document the Python version and dependency versions, ideally with a pinned requirements file or clear trusted install instructions.

What this means

A user might over-rely on the numeric score and skip manual, functional, or security review.

Why it was flagged

The skill presents its heuristic score as an approval/production-readiness decision. That is coherent with a strict quality gate, but users should not confuse it with a full security or official marketplace review.

Skill content

IF score >= 90%:
   → APPROVED ✅ — Ready for production

Recommendation

Use the score as one input only; pair it with human review, functional testing, and security review before publishing or trusting a skill.