Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Phoenix Loop
v1.0.0
Auto-diagnose agent failures, extract reusable recovery patterns, and create local skills to fix recurring blockers while keeping all data private and local.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name and description (auto-diagnose failures, extract patterns, create local skills) align with the actions the skill asks the agent to take: read local memory files, extract patterns, and write skill files to skills/local/. No unrelated credentials, binaries, or network endpoints are requested.
Instruction Scope
Instructions operate only on local paths (memory/, skills/local/, HEARTBEAT.md) and include explicit privacy checks. Minor issues: the runtime uses PowerShell commands (Get-Content, Select-String, Test-Path, Rename-Item) but the skill has no OS restriction — this could break on systems without PowerShell or lead to different behavior on Unix. There is a filename inconsistency in completion checks (examples use both skills/local/{name}-recovery.md and skills/local/{name}.md). The sensitive-data filter relies on simple pattern matching which could miss secrets encoded differently; the doc does not require aborting when secrets are found, only removing/matching.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written by an installer; all actions are local file reads/writes performed by the agent at runtime.
Credentials
The skill requests no environment variables, credentials, or external tokens. It references the OPENCLAW_ prefix in its sensitive-data filter (to avoid recording platform tokens) but does not require or attempt to read such environment variables; this is proportionate to its stated privacy goal.
Persistence & Privilege
The skill creates and updates files under skills/local/, which persist and can change the agent's future behavior (new recovery skills can be auto-invoked later). always:false (not force-included) mitigates some risk, but persistent creations mean you should review any generated local skill before allowing autonomous re-use. The skill's ability to write persistent executable artifacts is expected for its purpose but raises a usable-security consideration.
Assessment
This skill appears to do what it claims and keeps data local, but review these before installing:
1) Platform compatibility — the SKILL.md uses PowerShell commands; ensure your agent runtime supports PowerShell or adapt the commands.
2) Review and approve generated files — the skill will create/update files in skills/local/ that the agent can later run; you should inspect new recovery skills before trusting them for autonomous fixes.
3) Privacy filtering is regex-based and imperfect — run the provided privacy-checklist and consider stronger secret-detection if you have high-sensitivity data.
4) Filename/verification inconsistencies — the skill has a small mismatch in example filenames; test the workflow in a sandbox copy of your repository.
5) Back up skills/local/ and memory/ before first run, and consider restricting autonomous invocation or enabling a manual approval step for new skills until you are comfortable with the loop's behavior.
latest vk97emqx54y6nst8ncctbny1zth821c4b
