Phoenix Loop

Security checks across malware telemetry and agentic risk

Overview

The skill’s self-healing purpose is coherent, but it appears to persist and reuse local failure context and may execute recovery steps derived from logs without enough scoping or confirmation.

Review this skill before installing. It may be useful for repeated failure recovery, but only use it if you are comfortable with it reading local task/failure memory and creating persistent recovery material. Avoid running recovery steps automatically from logs, review generated commands before execution, and back up any local skill files before using rollback instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 80%
Finding
The skill claims to be privacy-first, but it instructs the agent to persist failure patterns, solution steps, and configuration guidance into local memory and reusable skill files. Even with a basic sensitive-data filter, operational details, internal environment structure, and redacted-but-still-sensitive troubleshooting context can be retained and later surfaced to unrelated tasks, creating privacy and data minimization risks.

Missing User Warnings

Medium
Confidence: 90%
Finding
The rollback section includes a direct delete command for local skill files without requiring confirmation, backup, or a warning about irreversible data loss. If invoked automatically or by mistake, it can destroy locally accumulated recovery knowledge and potentially remove user-authored artifacts in the same path.

VirusTotal

64/64 vendors flagged this skill as clean.
