Phantom Limb
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: phantom-limb
Version: 1.0.0

The 'phantom-limb' skill is a static analysis tool designed to detect 'phantom dependencies' in codebases. The `SKILL.md` clearly outlines its diagnostic purpose, detailing methods like scanning source files, environment variables, and configuration files (e.g., `.env`, CI/CD configs, deployment manifests). Crucially, it explicitly states 'Zero external dependencies. Zero API calls' and `requires_api: false`, indicating no intent for data exfiltration or unauthorized network communication. There is no evidence of malicious instructions, obfuscation, or attempts to manipulate the AI agent for harmful purposes; all described actions are consistent with its stated code health diagnostic function.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may bring sensitive configuration values into the conversation context while performing the analysis.
The skill explicitly asks the agent to inspect environment and deployment configuration files, which may contain secrets or sensitive infrastructure details.
Cross-reference every `process.env`, `os.environ`, `ENV[]` read against actual `.env`, `.env.example`, CI/CD configs, and deployment manifests.
Run it only on intended repositories, avoid including real secrets where possible, and instruct the agent to report variable names and file references without quoting secret values.
