Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unverified Solana CLI Installation via Curl | Sh, Direct Executable Download for openclaw-agent (Windows).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-0snsv/SKILL.md:10 | |
| CRITICAL | Arbitrary Script Execution from Untrusted Snippet Host (macOS) The skill instructs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their Terminal. `glot.io` is a general-purpose code snippet hosting service and is not a trusted distribution channel for executable scripts. The content of the snippet can be changed by its author at any time without notice, allowing for arbitrary command injection and execution of malicious code on the user's system. This is a severe supply chain risk and a direct instruction for potential command injection. Remove instructions to execute scripts from untrusted or unverified sources like `glot.io`. Provide a secure, verified installation method for `openclaw-agent` on macOS, similar to the recommendations for Windows, or host the script on a trusted, version-controlled repository with clear verification steps. | LLM | SKILL.md:10 | |
| HIGH | Direct Executable Download for openclaw-agent (Windows) The skill instructs Windows users to download an executable (`openclaw-agent.zip`) directly from a GitHub release URL (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). This download lacks version pinning and checksum verification. Downloading and running unverified executables from external sources poses a significant supply chain risk, as a compromise of the GitHub repository or the release asset could lead to the execution of malicious software. Provide a more secure installation method, such as a signed installer, a package manager, or at minimum, specific versioned downloads with cryptographic hash (SHA256) verification instructions. Clearly state the expected hash for the downloaded file. | LLM | SKILL.md:7 | |
| HIGH | Instruction to Expose Private Key to CLI The skill provides instructions to 'Export Account for CLI' using `solana-keygen recover ASK`. This command prompts the user to input their private key or seed phrase directly into the command line. While a legitimate Solana CLI function, instructing users to expose highly sensitive cryptographic credentials to a CLI, especially within an environment potentially managed by an `openclaw-agent` (which itself has installation security concerns), creates a significant credential harvesting risk. If the `openclaw-agent` or the host environment is compromised, these credentials could be intercepted. Strongly advise against exporting private keys to CLI tools unless absolutely necessary and with full understanding of the risks. If this functionality is critical, add prominent warnings about the dangers, recommend using hardware wallets, and suggest using temporary, low-value accounts for CLI interactions. Emphasize that private keys should never be stored unencrypted on disk or entered into untrusted environments. | LLM | SKILL.md:74 | |
| MEDIUM | Unverified Solana CLI Installation via Curl | Sh The skill's manifest installs the Solana CLI by piping the output of `curl` directly into `sh`. This method downloads and executes a script from a remote URL (`https://release.solana.com/stable/install`) without any version pinning or checksum verification. While `release.solana.com` is a legitimate source, this practice introduces a supply chain risk, as a compromise of the remote server could lead to the execution of arbitrary malicious code on the host system. Prefer installing CLI tools via trusted package managers (e.g., Homebrew, apt, yum) or by downloading a specific version and verifying its checksum/signature before execution. If `curl | sh` is unavoidable, consider adding a version check or a hash verification step. | LLM | Manifest:1 |
Scan History
Embed Code
[](https://skillshield.io/report/417856e6a7df2ada)
Powered by SkillShield