Skill v1.0.0
VirusTotal security
Phoenix Loop · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:46 AM
- Hash: 05e76795cacee294e3d73bab6a94c6d6fb6d7bcec193dcc3c79ff52dfb69b72d
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: phoenix-loop
  - Version: 1.0.0
  - The 'phoenix-loop' skill aims to improve agent performance by diagnosing failures and creating reusable recovery skills. However, it instructs the agent to extract 'solution steps' and 'fallback actions' from local failure logs (`memory/blocked-items.md`, `memory/tasks.md`) and then execute these steps. If these logs contain attacker-controlled input (e.g., a crafted error message or task description), the agent could be prompted to generate and execute arbitrary commands as part of its self-healing process. While the skill includes a 'Sensitive Data Filter' in `SKILL.md` and `references/privacy-checklist.md` to prevent sensitive data leakage, it does not explicitly sanitize commands or instructions extracted from logs, creating a significant prompt injection vulnerability against the agent.
