Phoenix Loop
Review
Audited by ClawScan on May 10, 2026.
Overview
Phoenix Loop is privacy-oriented and local-only, but it asks the agent to create, update, and automatically reuse local skills on a recurring basis without clear human approval gates.
Use this only if you intentionally want the agent to maintain local recovery skills. Before enabling it, require manual review for HEARTBEAT.md changes and for every generated or updated skill, keep generated content free of secrets and personal details, and periodically inspect or delete files under skills/local/ and memory/.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future tasks could be affected by automatically generated recovery instructions, even if those instructions are incomplete, overbroad, or based on sensitive task context.
The skill turns failure history into persistent local instructions that are reused and updated later. Without a required review gate, a bad diagnosis or poisoned memory entry could influence future agent behavior.
Write the lesson to a local skill: `skills/local/{pattern_name}-recovery.md` ... Next time a similar issue occurs: 1. Search `skills/local/` for matching skills 2. Execute recovery steps 3. Log result to `memory/{date}.md` 4. Update skill if needed
Require explicit user review before writing, updating, or reusing any generated recovery skill, and keep generated files limited to non-sensitive pattern summaries.
The agent may continue reviewing blockers and changing local recovery skills on a schedule, which could surprise users or change future behavior without fresh confirmation.
The skill asks to install a recurring self-check that can make ongoing changes to local skills. This is persistent autonomous behavior and is not limited to a single user-invoked task.
Add to `HEARTBEAT.md`: ... `## Self-Check (Every 24 Hours)` ... `Run phoenix-loop diagnosis on each long-term blocker` ... `If reusable pattern found, create or update skill`
Make the heartbeat opt-in, require confirmation before each create/update action, document how to disable it, and log every scheduled change.
A generated recovery skill could cause the agent to run commands or take account/environment-changing actions automatically if a future failure matches the pattern.
The generated skill template permits automatic execution of recovery and fallback actions, but the artifacts do not define allowed action types, approval requirements, or safety limits.
Next time an API key issue occurs, auto-apply this skill. ... `If failed, execute {fallback_action}`
Limit recovery skills to advisory steps by default, require user approval before executing commands or changing configuration, and define a denylist for destructive or account-mutating actions.
