← Back to Skills Marketplace
kofna3369

Axioma Guard (English)

by Kofna3369 · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
100
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install axiomaguard-en
Description
Axioma Guard scans OpenClaw skills for malicious code using Clawdex API and generates ethical countermeasures to protect your agent.
README (SKILL.md)

⚠️ SECURITY NOTICE — PLEASE READ BEFORE INSTALLING

What This Skill Does

This skill scans other skills for MALICIOUS CODE using the Clawdex API.

⚠️ IMPORTANT: Network Calls

When you install this skill, it will:

  • Send SKILL NAMES to clawdex.koi.security (to check for threats)

NO other data is sent. No files. No personal information.

If you do NOT want skill names to be sent, DO NOT install this skill.

🔒 Privacy

  • Only skill NAMES are sent (not your files or data)
  • The Clawdex service only receives skill names for scanning

For Who?

This skill is for advanced users who:

  • Understand that network calls occur
  • Want to scan skills before installing
  • Trust the Clawdex service at clawdex.koi.security

If Youre Not Sure

DO NOT INSTALL THIS SKILL.

Install only if you understand and accept the network behavior.

Axioma Guard — Security Skill

Overview

Axioma Guard scans other OpenClaw skills for malicious patterns using the Clawdex API.

Features

  • Scans skill code for malicious patterns
  • Reports threats found
  • Uses Clawdex community database

Installation

clawhub install axiomaguard

Usage

# Scan a specific skill
python3 clawguard.py scan skill-name

# Scan all local skills
python3 clawguard.py scan-all

Configuration

Environment variable (optional):

Author

Merlin — Université d'Éthique Appliquée

In Altum Per Axioma.

Usage Guidance
This skill largely matches its stated purpose (it lists local ./skills directory entries and queries a Clawdex endpoint for each skill name). Before installing: 1) Understand it will send skill NAMES to https://clawdex.koi.security by default — only install if you trust that service. 2) The script also contacts a Merlin service at http://localhost:8001 (MERLIN_API) to generate 'vaccines' but that call is not documented in SKILL.md; either run a trusted local Merlin service or set MERLIN_API to a safe endpoint or unset it (the code falls back to a generic vaccine message on failure). 3) The code does not send files or secrets, but Clawdex responses (arbitrary JSON) are forwarded to the Merlin endpoint — review network traffic if you are cautious. 4) If you want to proceed, consider running the script in a sandbox or inspecting/hosting your own Clawdex/Merlin endpoints; ask the author to document MERLIN_API and to confirm exactly what data Clawdex returns and how it is used. If you are unsure or cannot verify the endpoints, do not install.
Capability Assessment
Purpose & Capability
Name/description match the code: the skill queries a Clawdex API for threat verdicts and can produce countermeasures. It only needs the ability to list local skills and make HTTP requests, which the code performs.
Instruction Scope
SKILL.md explicitly states only skill NAMES are sent to clawdex.koi.security. The code does that, but it also posts threat data to a Merlin service (MERLIN_API) to generate 'vaccines' — that outbound call is not documented in SKILL.md. The code reads the ./skills directory names (not file contents), which aligns with the stated behavior.
Install Mechanism
This is an instruction-only skill plus a local Python script; there is no remote download/install step, no extracted archives, and no third-party packages installed by the skill itself (it uses aiohttp but expects it to be available).
Credentials
SKILL.md documents an optional CLAWDEX_API env var but does not mention MERLIN_API. The code defaults MERLIN_API to http://localhost:8001 and will call it to generate countermeasures. This undeclared endpoint may be unexpected for users and could result in additional local network activity. No secret credentials are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system config, and does not persist credentials. It only performs on-demand scans via CLI.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install axiomaguard-en
  3. After installation, invoke the skill by name or use /axiomaguard-en
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Clarified that only skill names are sent to the Clawdex API, and no files or personal information are transmitted. - Removed references to optional PKM/local network connections for increased privacy transparency. - Updated configuration section to mention only the `CLAWDEX_API` environment variable. - Improved privacy and installation instructions for greater user clarity.
v1.0.1
Version 1.0.1 — Adds critical privacy and network behavior disclosures - Added a prominent SECURITY NOTICE detailing all network calls made by the skill. - Clearly describes that skill names are sent to clawdex.koi.security, not user files or data. - Warns users to install only if they understand and accept these network behaviors. - Simplified features and usage instructions for clarity. - Configuration and privacy information now explicitly documented.
v1.0.0
Axioma Guard 1.0.0 — Initial Release - Digital immune system for OpenClaw agents, scanning skills for malicious patterns via Clawdex API. - Generates ethical countermeasures and community alerts upon threat detection. - Supports integration with OpenClaw's before_prompt_build hook for proactive protection. - Offers configurable security levels: Light, Medium, and Deep scans. - Provides both automatic and manual scan commands for agents and developers.
Metadata
Slug axiomaguard-en
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Axioma Guard (English)?

Axioma Guard scans OpenClaw skills for malicious code using Clawdex API and generates ethical countermeasures to protect your agent. It is an AI Agent Skill for Claude Code / OpenClaw, with 100 downloads so far.

How do I install Axioma Guard (English)?

Run "/install axiomaguard-en" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Axioma Guard (English) free?

Yes, Axioma Guard (English) is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Axioma Guard (English) support?

Axioma Guard (English) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Axioma Guard (English)?

It is built and maintained by Kofna3369 (@kofna3369); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments