Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, unpinned remote script execution for Solana CLI installation, and an instruction to execute an arbitrary script from glot.io for macOS setup.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-afnuz/SKILL.md:10 |
| CRITICAL | Instruction to execute arbitrary script from glot.io for macOS setup | The skill instructs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their Terminal for `openclaw-agent` setup. `glot.io` is a public pastebin-like service and is not a trusted source for distributing executable software. The content of the snippet can change at any time, potentially leading to the execution of arbitrary malicious code on the user's system. This is a severe supply chain risk and an indirect command injection vector, as the user is explicitly told to execute untrusted code. | Do not instruct users to execute scripts from untrusted or ephemeral sources like pastebins. Provide a direct download link to a versioned, signed executable, or a well-maintained package manager installation method. | LLM | SKILL.md:10 |
| HIGH | Unpinned remote script execution for Solana CLI installation | The skill's manifest installs the Solana CLI by executing a script downloaded directly from `https://release.solana.com/stable/install` using `curl \| sh`. While `release.solana.com` is the official source, this method does not pin to a specific version or hash, meaning that if the remote script were ever compromised, the agent would execute arbitrary malicious code during installation. This introduces a significant supply chain risk. | Pin the installation script to a specific version or commit hash, or download and verify the script locally before execution. Alternatively, use a package manager if available and suitable for the environment. | LLM | SKILL.md (Manifest) |
| MEDIUM | Download of unversioned executable from GitHub releases for Windows setup | The skill instructs Windows users to download `openclaw-agent.zip` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. Using the `latest` tag means the downloaded executable is not pinned to a specific version. If the `latest` release on the GitHub repository were to be updated with a malicious version, users following these instructions would download and potentially execute compromised software. | Provide a direct download link to a specific, versioned release asset (e.g., `.../download/v1.2.3/openclaw-agent.zip`) instead of using the mutable `latest` tag. Consider providing checksums for verification. | LLM | SKILL.md:8 |