ClawHub

Phoenix Shield

Security checks across malware telemetry and agentic risk

Overview

Phoenix Shield is a high-impact system update and rollback skill whose advertised safeguards are not verifiable from the submitted package.

Review carefully before installing. Do not use this on production systems, enable the cron example, run rollback/deploy commands, or grant administrative privileges until the missing executable is supplied and reviewed, exact commands and targets are approved, backups are verified, and rollback behavior is tested in a disposable or staging environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs the user to run shell commands that can modify the host system, but there is no declared permission model or explicit capability declaration to signal that behavior. In an agent ecosystem, undocumented shell capability increases risk because users and orchestrators may treat the skill as lower-risk than it actually is, leading to unsafe execution on production hosts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior claims a sophisticated self-healing backup/update platform, but the static finding indicates the actual skill behavior is limited to installation/setup actions such as placing a binary and creating directories. This mismatch is dangerous because operators may trust the skill to provide backup, health monitoring, canary validation, and rollback guarantees that do not actually exist, creating a false sense of safety during critical updates.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill promotes update, backup, rollback, and recovery workflows that can change packages, services, configs, and system state, but it does not prominently warn users about possible service interruption, package downgrades, or destructive rollback effects. In production contexts, missing warnings can cause administrators to run impactful commands without understanding the operational blast radius.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
These examples include unattended privileged operations such as `apt upgrade -y` and execution of root-owned hooks, which can make irreversible changes on production hosts. Without a clear warning or guardrails, users may copy-paste them directly, causing outages, package regressions, hook abuse, or unexpected post-install side effects under elevated privileges.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal