Security audit

Axioma Guard Ultimate

Security checks across malware telemetry and agentic risk

Overview

This security-checking skill is not clearly malicious, but it can permanently delete user-supplied paths and run hard-coded local helper scripts with weak safeguards.

Install only for manual, reviewed use. Do not run destroy.py unless the target path is verified and backed up; prefer scan-only use, check the hard-coded helper paths before trusting results, and avoid the publish and sudo instructions unless you explicitly intend those actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documents shell execution and file-writing behavior but does not declare corresponding permissions. That creates a trust gap: users and hosting systems may treat the skill as less capable than it really is, while it can still invoke scripts, write logs, quarantine files, and modify local state.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The description frames the skill as a security checker and quality improver, but the documented behavior includes destructive actions, persistent logging, and dependence on external local scripts and hard-coded paths. This mismatch can cause users to invoke the skill under false assumptions and unintentionally permit file deletion, quarantine, or other side effects.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
Including publishing commands expands the skill's operational scope beyond inspection and improvement into distribution. That increases risk because a user invoking a checking skill may inadvertently enable a workflow that publishes artifacts, potentially propagating unsafe or unreviewed content.

Intent-Code Divergence

High
Confidence
87% confidence
Finding
The documentation claims rejected skills are destroyed, but the provided destroy script only moves them to quarantine and logs the event. This contradiction can lead operators to believe malicious content has been eradicated when it still exists on disk, creating false assurance and potential later execution or recovery.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match common user requests like checking, improving, or verifying skills. Over-broad activation makes it easier for the skill to run in contexts where the user did not intend destructive, networked, or shell-executing behavior.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill describes quarantine and deletion behavior without a prominent user-facing data loss warning. Because these actions affect local files and may remove downloaded skills, a user could trigger irreversible or hard-to-recover changes without understanding the consequences.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill includes network access and command execution examples without clear user-facing warnings about side effects. Even localhost requests and shell commands can expose sensitive local services, leak environment details, or execute unintended operations when copied or automated.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
| Error | Cause | Solution |
|-------|-------|----------|
| Quarantine write fails | Permissions | Use sudo or different path |
| Threat log write fails | Disk full | Alert Alexandre immediately |
| Script not found | Missing dependency | Install axiomata-guard first |
Confidence
78% confidence
Finding
sudo

Tool Parameter Abuse

High
Category
Tool Misuse
Content
`mkdir -p /tmp/axiomata-guard-test`

`rm -rf /tmp/axiomata-guard-test`

`bash -c "echo test"`
Confidence
81% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
echo "THREAT REPORT: <skill-name> was rejected and destroyed"

# 4. Confirm destruction
rm -rf /tmp/quarantine/<skill-name>-*/
```

### 6.3 Threat Report Format
Confidence
97% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
python3 $GUARD_PATH/merlin-guard.py scan $TEST_DANGER 2>&1 | grep -q "C2" && echo "Dangerous skill detected: ✅" || echo "Dangerous skill detected: ❌"

# Cleanup
rm -rf /tmp/test-safe-skill /tmp/test-danger-skill

echo "=== BENCHMARK COMPLETE ==="
```
Confidence
75% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
wc -l /media/ezekiel/Merlin/.openclaw/workspace/skills/axiomata-guard-ultimate/SKILL.md
cat /media/ezekiel/Merlin/.openclaw/workspace/skills/axiomata-guard-ultimate/SKILL.md | head -10
mkdir -p /tmp/axiomata-guard-test
rm -rf /tmp/axiomata-guard-test

### ClawHub Commands (Verified)
Confidence
81% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
`mkdir -p /tmp/axiomata-guard-test`

`rm -rf /tmp/axiomata-guard-test`

`bash -c "echo test"`
Confidence
81% confidence
Finding
rm -rf /tmp/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
echo "THREAT REPORT: <skill-name> was rejected and destroyed"

# 4. Confirm destruction
rm -rf /tmp/quarantine/<skill-name>-*/
```

### 6.3 Threat Report Format
Confidence
97% confidence
Finding
rm -rf /tmp/quarantine/<skill-name>-*/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
python3 $GUARD_PATH/merlin-guard.py scan $TEST_DANGER 2>&1 | grep -q "C2" && echo "Dangerous skill detected: ✅" || echo "Dangerous skill detected: ❌"

# Cleanup
rm -rf /tmp/test-safe-skill /tmp/test-danger-skill

echo "=== BENCHMARK COMPLETE ==="
```
Confidence
75% confidence
Finding
rm -rf /tmp/test-safe-skill /tmp/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
wc -l /media/ezekiel/Merlin/.openclaw/workspace/skills/axiomata-guard-ultimate/SKILL.md
cat /media/ezekiel/Merlin/.openclaw/workspace/skills/axiomata-guard-ultimate/SKILL.md | head -10
mkdir -p /tmp/axiomata-guard-test
rm -rf /tmp/axiomata-guard-test

### ClawHub Commands (Verified)
Confidence
81% confidence
Finding
rm -rf /tmp/

VirusTotal

65/65 vendors flagged this skill as clean.