← 返回 Skills 市场

Axioma Guard (English)

Name: Axioma Guard (English)
Author: kofna3369

作者 Kofna3369 · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

100

总下载

当前安装

版本数

在 OpenClaw 中安装

/install axiomaguard-en

功能描述

Axioma Guard scans OpenClaw skills for malicious code using Clawdex API and generates ethical countermeasures to protect your agent.

使用说明 (SKILL.md)

⚠️ SECURITY NOTICE — PLEASE READ BEFORE INSTALLING

What This Skill Does

This skill scans other skills for MALICIOUS CODE using the Clawdex API.

⚠️ IMPORTANT: Network Calls

When you install this skill, it will:

Send SKILL NAMES to clawdex.koi.security (to check for threats)

NO other data is sent. No files. No personal information.

If you do NOT want skill names to be sent, DO NOT install this skill.

🔒 Privacy

Only skill NAMES are sent (not your files or data)
The Clawdex service only receives skill names for scanning

For Who?

This skill is for advanced users who:

Understand that network calls occur
Want to scan skills before installing
Trust the Clawdex service at clawdex.koi.security

If Youre Not Sure

DO NOT INSTALL THIS SKILL.

Install only if you understand and accept the network behavior.

Axioma Guard — Security Skill

Overview

Axioma Guard scans other OpenClaw skills for malicious patterns using the Clawdex API.

Features

Scans skill code for malicious patterns
Reports threats found
Uses Clawdex community database

Installation

clawhub install axiomaguard

Usage

# Scan a specific skill
python3 clawguard.py scan skill-name

# Scan all local skills
python3 clawguard.py scan-all

Configuration

Environment variable (optional):

CLAWDEX_API - Clawdex endpoint (default: https://clawdex.koi.security/api/skill)

Author

Merlin — Université d'Éthique Appliquée

In Altum Per Axioma.

安全使用建议

This skill largely matches its stated purpose (it lists local ./skills directory entries and queries a Clawdex endpoint for each skill name). Before installing: 1) Understand it will send skill NAMES to https://clawdex.koi.security by default — only install if you trust that service. 2) The script also contacts a Merlin service at http://localhost:8001 (MERLIN_API) to generate 'vaccines' but that call is not documented in SKILL.md; either run a trusted local Merlin service or set MERLIN_API to a safe endpoint or unset it (the code falls back to a generic vaccine message on failure). 3) The code does not send files or secrets, but Clawdex responses (arbitrary JSON) are forwarded to the Merlin endpoint — review network traffic if you are cautious. 4) If you want to proceed, consider running the script in a sandbox or inspecting/hosting your own Clawdex/Merlin endpoints; ask the author to document MERLIN_API and to confirm exactly what data Clawdex returns and how it is used. If you are unsure or cannot verify the endpoints, do not install.

能力评估

✓ Purpose & Capability

Name/description match the code: the skill queries a Clawdex API for threat verdicts and can produce countermeasures. It only needs the ability to list local skills and make HTTP requests, which the code performs.

⚠ Instruction Scope

SKILL.md explicitly states only skill NAMES are sent to clawdex.koi.security. The code does that, but it also posts threat data to a Merlin service (MERLIN_API) to generate 'vaccines' — that outbound call is not documented in SKILL.md. The code reads the ./skills directory names (not file contents), which aligns with the stated behavior.

✓ Install Mechanism

This is an instruction-only skill plus a local Python script; there is no remote download/install step, no extracted archives, and no third-party packages installed by the skill itself (it uses aiohttp but expects it to be available).

⚠ Credentials

SKILL.md documents an optional CLAWDEX_API env var but does not mention MERLIN_API. The code defaults MERLIN_API to http://localhost:8001 and will call it to generate countermeasures. This undeclared endpoint may be unexpected for users and could result in additional local network activity. No secret credentials are requested.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills or system config, and does not persist credentials. It only performs on-demand scans via CLI.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install axiomaguard-en
安装完成后，直接呼叫该 Skill 的名称或使用 /axiomaguard-en 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

- Clarified that only skill names are sent to the Clawdex API, and no files or personal information are transmitted. - Removed references to optional PKM/local network connections for increased privacy transparency. - Updated configuration section to mention only the `CLAWDEX_API` environment variable. - Improved privacy and installation instructions for greater user clarity.

v1.0.1

Version 1.0.1 — Adds critical privacy and network behavior disclosures - Added a prominent SECURITY NOTICE detailing all network calls made by the skill. - Clearly describes that skill names are sent to clawdex.koi.security, not user files or data. - Warns users to install only if they understand and accept these network behaviors. - Simplified features and usage instructions for clarity. - Configuration and privacy information now explicitly documented.

v1.0.0

Axioma Guard 1.0.0 — Initial Release - Digital immune system for OpenClaw agents, scanning skills for malicious patterns via Clawdex API. - Generates ethical countermeasures and community alerts upon threat detection. - Supports integration with OpenClaw's before_prompt_build hook for proactive protection. - Offers configurable security levels: Light, Medium, and Deep scans. - Provides both automatic and manual scan commands for agents and developers.

元数据

Slug axiomaguard-en

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题