Axioma Guard (Axioma 守护)
Advisory
Audited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could trust this as a complete malware scanner and approve skill installation based on incomplete checks.
The provided Python file does not implement these four scanners or actual blocking/quarantine behavior; it mainly checks a skill name against Clawdex and prints results. This overstates the protection users are told they are getting.
Run 4 security vaccines: ... C2 vaccine ... Rootkit vaccine ... Chains vaccine ... Bootkit vaccine
Treat the skill as advisory only unless the package adds reviewed implementations for the claimed scanners, real connectivity/status checks, and clear human approval before allowing installs.
Users may not run the reviewed code, or may get a failed scan while believing the guard is installed correctly.
The file manifest provides clawguard.py, not merlin-guard.py. Following the documented command would either fail or run a file outside the reviewed package if one exists in the working directory.
python3 merlin-guard.py scan <skill-path>
Require the package to align documentation, manifest, and executable names before use; run only reviewed files from the skill package.
Skill identifiers and threat reports may be shared with the configured security services.
The skill sends selected skill names or threat data to Clawdex and to a configurable Merlin analysis endpoint. This is aligned with a security-checking purpose, but it is still an external/provider data flow users should understand.
CLAWDEX_API = os.getenv("CLAWDEX_API", "https://clawdex.koi.security/api/skill") ... session.get(f"{CLAWDEX_API}/{skill_name}") ... session.post(f"{MERLIN_API}/analyze", json={"threat": threat_data, "mode": "vaccine"})
Use trusted endpoints, avoid sending sensitive local details unless necessary, and review any returned analysis before acting on it.
Scan outcomes or skill names could remain in agent memory and influence later tasks.
The response protocol stores threat-detection information in persistent memory. That can be useful for auditing, but it can also persist security conclusions or identifiers beyond the immediate scan.
2. Record to memory.md
Keep memory logging minimal, sanitize sensitive details, and clear or review memory entries when they are no longer needed.
