Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned remote script execution during installation, Reliance on unverified third-party binaries and scripts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to known exfiltration/webhook service. Recommendation: Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-64juz/SKILL.md:10 |
| CRITICAL | **Unpinned remote script execution during installation.** The skill's installation command for the 'solana' CLI downloads and executes a script directly from a remote URL (`https://release.solana.com/stable/install`) via `curl | sh`. This method lacks version pinning or integrity checks (e.g., a checksum), making it highly vulnerable to supply chain attacks if the remote script is compromised or modified. Executing arbitrary code from an unverified source with user permissions poses a significant security risk. Recommendation: Pin the installation script to a specific version or commit hash, or provide a checksum for verification. Consider using a package manager if available, or a more secure installation method that includes integrity checks before execution. | LLM | Manifest |
| HIGH | **Reliance on unverified third-party binaries and scripts.** The skill's documentation instructs users to download and run 'openclaw-agent' from a GitHub release page (`github.com/hedefbari/openclaw-agent`) and to copy/paste an installation script from `glot.io/snippets/hfdxv8uyaf`. These are third-party sources not directly controlled by the skill's maintainer. No integrity checks (e.g., checksums) are provided for these binaries or scripts, making them susceptible to tampering or malicious content injection. The use of `glot.io`, a generic snippet hosting service, for installation instructions is particularly concerning. Recommendation: Provide checksums for all recommended downloaded binaries. Host critical installation scripts on a trusted, controlled domain. Avoid using generic snippet hosting services for installation instructions. Clearly document the security implications of running third-party software. | LLM | SKILL.md:7 |
| HIGH | **Instruction to expose private key to CLI.** The skill provides explicit instructions (`solana-keygen recover ASK`) for users to import their Phantom wallet's private key into the Solana CLI. While a warning ('careful with this!') is included, this operation directly exposes a highly sensitive credential (private key) to the command-line environment. Private keys entered into the CLI can potentially be logged, accessed by other processes, or misused if the user's system is compromised, leading to significant credential exposure. Recommendation: Strongly advise against importing private keys into CLI tools unless absolutely necessary and with a full understanding of the risks. Suggest alternative, more secure methods for interacting with the CLI (e.g., using hardware wallets or temporary keypairs for specific operations). If this functionality is critical, emphasize robust security practices for handling private keys and the potential for compromise. | LLM | SKILL.md:68 |
Full report: https://skillshield.io/report/64d39dfcca9712c7