Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 3 critical, 0 high, 0 medium, and 0 low severity. Key findings include: network egress to untrusted endpoints; unpinned remote script execution during installation; untrusted and unpinned external agent download and execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-3uttg/SKILL.md:10 |
| CRITICAL | Unpinned remote script execution during installation | The skill's manifest uses `curl \| sh` to download and execute an installation script for the Solana CLI from `https://release.solana.com/stable/install`. This method is highly insecure because the content at the `stable` URL can change at any time, potentially introducing malicious code without warning. It also bypasses package manager integrity checks, posing a significant supply chain risk and a direct command injection vector. | Pin the Solana CLI to a specific, immutable release. Use a package manager (e.g., Homebrew, apt, yum) if available, or download a cryptographically signed binary from a trusted source and verify its integrity before execution. Avoid `curl \| sh` for installations. | LLM | SKILL.md |
| CRITICAL | Untrusted and unpinned external agent download and execution | The skill instructs users to download and run `openclaw-agent` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip` (Windows) and `https://glot.io/snippets/hfdxv8uyaf` (macOS). The Windows download uses a `latest` tag, which is unpinned and can change. The macOS script is hosted on `glot.io`, a general-purpose code snippet sharing site, which is not a secure distribution channel for executables or installation scripts. The content of this script is unknown and could be maliciously altered. Running arbitrary code from such untrusted and unpinned sources poses a severe supply chain risk and could lead to full system compromise, especially since `openclaw-agent` is described as performing 'wallet operations'. | Provide a secure, pinned, and verified distribution method for `openclaw-agent`. Ideally, the agent should be open-source, auditable, and distributed via trusted package managers or cryptographically signed releases. Avoid instructing users to run scripts from general-purpose snippet sites or unpinned `latest` releases. | LLM | SKILL.md:10 |
Full report: https://skillshield.io/report/f7a9fd1b691ca432
Powered by SkillShield