Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 3 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Unpinned remote script execution during installation, Untrusted source for critical dependency installation script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 23/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-fdjtg/SKILL.md:10 |
| CRITICAL | **Untrusted source for critical dependency installation script.** The skill instructs macOS users to obtain the `openclaw-agent` installation script from `https://glot.io/snippets/hfdxv8uyaf` and paste it into their terminal. `glot.io` is a general-purpose code snippet hosting service, not a secure distribution channel for executables or installation scripts. The content of the snippet can change at any time, allowing for arbitrary code execution on the user's machine, posing a severe supply chain risk and potential command injection vulnerability. Distribute `openclaw-agent` from a trusted, secure source (e.g., GitHub releases with checksums, official website) and provide clear, verifiable installation instructions. Avoid using generic code snippet sites for critical software distribution. | LLM | SKILL.md:10 |
| HIGH | **Unpinned remote script execution during installation.** The skill's installation command for the Solana CLI uses `curl -sSfL https://release.solana.com/stable/install \| sh`. This pattern executes a remote script directly without pinning to a specific version or hash, making it vulnerable to supply chain attacks if the remote content is compromised or altered. While the source `release.solana.com` is official, the `curl \| sh` pattern itself is inherently risky. Pin the installation script to a specific version or hash, or use a more secure installation method (e.g., package manager, direct download with checksum verification). Avoid direct execution of unverified remote scripts. | LLM | SKILL.md:1 |
| HIGH | **Instruction to expose private key to CLI.** The skill provides instructions on how to export a private key from Phantom and then import it into the Solana CLI using `solana-keygen recover ASK`. While this is a legitimate CLI function, instructing users to handle raw private keys in this manner without strong warnings increases the risk of credential exposure. A compromised environment or a malicious prompt could exploit this normalized behavior to harvest private keys. Add prominent and explicit warnings about the extreme security risks associated with exposing private keys. Advise users to only perform this action in highly secure, isolated environments and to consider alternative, more secure methods (e.g., hardware wallets, key management services). Emphasize that private keys should never be shared with AI agents or untrusted software. | LLM | SKILL.md:79 |
| HIGH | **Critical dependency on unverified external agent.** The skill's core functionality heavily relies on an external, non-standard utility named `openclaw-agent`. The security posture, permissions, and internal workings of this agent are unknown from the provided context. Given the problematic installation methods (e.g., `glot.io` for macOS) and its role in sensitive wallet operations, `openclaw-agent` represents a significant supply chain risk. If compromised or designed maliciously, it could lead to data exfiltration, command injection, or other severe security breaches. Provide a security audit or detailed specification of `openclaw-agent`. Ensure it is distributed from a trusted, secure source with integrity checks (e.g., cryptographic signatures, checksums). Clearly document its required permissions and capabilities, and explain how it interacts securely with the user's system and wallet. | LLM | SKILL.md:5 |
| LOW | **Example RPC URLs encourage embedding API keys.** The skill provides example RPC URLs (e.g., Helius, Alchemy) that include `YOUR_KEY` placeholders. While these are placeholders, they normalize the practice of embedding API keys directly into URLs or plain text configurations. This pattern, if followed by users and later processed by the skill or a compromised component, could lead to accidental exposure or harvesting of API keys. Advise users to use environment variables, secure configuration files, or other secure methods for managing API keys, rather than embedding them directly in URLs or plain text. Add a note about the risks of exposing API keys. | LLM | SKILL.md:39 |