Chinese Axioma Guard (中文 Axioma 守护)
Review
Audited by ClawScan on May 10, 2026.
Overview
This is not clearly malware, but it overstates its security scanning capability and points users to a script that is not included, so it should be reviewed before relying on it.
Do not rely on this as a complete malicious-skill blocker in its current form. Before installing, ask the publisher to fix the script-name mismatch, declare dependencies/endpoints, and provide reviewed implementations for the claimed C2/rootkit/chains/bootkit scans. If used anyway, treat results as advisory and keep human review for skill installation decisions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could trust this as a complete malware scanner and approve skill installation based on incomplete checks.
The provided Python file does not implement these four scanners or actual blocking/quarantine behavior; it mainly checks a skill name against Clawdex and prints results. This overstates the protection users are told they are getting.
Run 4 security vaccines: ... C2 vaccine ... Rootkit vaccine ... Chains vaccine ... Bootkit vaccine
Treat the skill as advisory only unless the package adds reviewed implementations for the claimed scanners, real connectivity/status checks, and clear human approval before allowing installs.
Users may not run the reviewed code, or may get a failed scan while believing the guard is installed correctly.
The file manifest provides clawguard.py, not merlin-guard.py. Following the documented command would either fail or run a file outside the reviewed package if one exists in the working directory.
python3 merlin-guard.py scan <skill-path>
Require the package to align documentation, manifest, and executable names before use; run only reviewed files from the skill package.
Skill identifiers and threat reports may be shared with the configured security services.
The skill sends selected skill names or threat data to Clawdex and to a configurable Merlin analysis endpoint. This is aligned with a security-checking purpose, but it is still an external/provider data flow users should understand.
CLAWDEX_API = os.getenv("CLAWDEX_API", "https://clawdex.koi.security/api/skill") ... session.get(f"{CLAWDEX_API}/{skill_name}") ... session.post(f"{MERLIN_API}/analyze", json={"threat": threat_data, "mode": "vaccine"})
Use trusted endpoints, avoid sending sensitive local details unless necessary, and review any returned analysis before acting on it.
Scan outcomes or skill names could remain in agent memory and influence later tasks.
The response protocol stores threat-detection information in persistent memory. That can be useful for auditing, but it can also persist security conclusions or identifiers beyond the immediate scan.
2. Record to memory.md
Keep memory logging minimal, sanitize sensitive details, and clear or review memory entries when they are no longer needed.
