Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned, untrusted executable for critical component, Arbitrary script execution from public pastebin for critical component.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-0jcvy/SKILL.md:10 | |
| CRITICAL | Unpinned, untrusted executable for critical component The skill instructs users to download `openclaw-agent.zip` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. This executable is described as 'IMPORTANT' and 'must be running for all Phantom wallet operations,' implying it handles sensitive wallet interactions. The download link points to an unpinned `latest` version from a personal GitHub account (`hedefbari`), which is not an official source for Solana or Phantom. This poses a significant supply chain risk, as the content of the executable could change without notice, potentially leading to malware execution or credential harvesting. Provide a cryptographically signed, version-pinned executable from an official, trusted source. Include checksums (e.g., SHA256) for integrity verification. Avoid relying on `latest` versions. | LLM | SKILL.md:9 | |
| CRITICAL | Arbitrary script execution from public pastebin for critical component For macOS users, the skill instructs to 'Visit [this page](https://glot.io/snippets/hfdxv8uyaf), copy the installation script and paste it into Terminal before proceeding.' `glot.io` is a public code snippet hosting service. Executing arbitrary, unverified scripts from such a platform is an extremely high supply chain risk. The content of the script can be changed by anyone with access to the snippet, potentially leading to immediate arbitrary code execution, system compromise, or credential harvesting, especially given the `openclaw-agent`'s role in wallet operations. Never instruct users to execute scripts from untrusted, ephemeral sources like pastebins. Provide a cryptographically signed, version-pinned installer or a well-documented, auditable installation method from an official, trusted source. | LLM | SKILL.md:11 | |
| HIGH | Unpinned `curl | sh` installation for Solana CLI The skill's manifest includes an installation step for the Solana CLI: `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. While `release.solana.com` is the official domain, using `curl | sh` to fetch and execute a script without version pinning or integrity checks (like SHA256) introduces a supply chain risk. A compromise of the Solana release server could lead to arbitrary code execution during the skill's installation, potentially affecting the user's system. Use a version-pinned installation method with integrity checks (e.g., `curl -sSfL https://release.solana.com/vX.Y.Z/install | sh -s -- -y --no-modify-path && echo "SHA256_CHECKSUM" | sha256sum -c -`). Alternatively, instruct users to install via a package manager or a pre-compiled binary with checksum verification. | LLM | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/22420b5ce1dcd82e)
Powered by SkillShield