Security audit

Axioma Guard

Security checks across malware telemetry and agentic risk

Overview

This skill is not destructive, but it overstates its protection and sends scan targets to external services without clear privacy controls.

Review before installing or relying on it as a security control. Treat its results as advisory only, confirm where CLAWDEX_API and MERLIN_API point, and avoid using internal skill names or sensitive threat details unless you are comfortable sending them to those services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill advertises operational capabilities that imply network access and likely local inspection, but it does not declare permissions or clearly scope what data it may access. In an agent ecosystem, this mismatch undermines informed consent and can enable broader-than-expected data exposure or execution behavior once installed.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The status command asserts that Clawdex and Merlin are connected and active without performing any live health check. This can create dangerous false assurance, causing users or dependent automation to trust protection that may be offline, unreachable, or misconfigured, reducing detection and response effectiveness.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The documented pre-installation check sends a skill name to a third-party API without any privacy notice, consent flow, or discussion of telemetry handling. Even if only a skill name is transmitted, this can reveal user interests, internal project names, or planned deployments to an external service and may expand if metadata is included in practice.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The code sends skill identifiers to an external service and threat data to another service without explicit user consent, notice at time of transmission, or any privacy controls. In a security tool context, even skill names and local inventory can reveal sensitive internal tooling, projects, or detection targets to external systems and may violate data handling expectations.

Hidden Instructions

Severity: High
Category: Prompt Injection
Content:
---

**Fier du travail accompli. On construit l'avenir, un skill à la fois.** 🧙‍♂️✨ (French: "Proud of the work accomplished. We are building the future, one skill at a time.")
Confidence: 86%
Finding

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.