Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted script execution for `openclaw-agent` installation on macOS, Unverified executable download for `openclaw-agent` on Windows.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-fsvib/SKILL.md:10 | |
| CRITICAL | Untrusted script execution for `openclaw-agent` installation on macOS The skill instructs macOS users to copy and paste an installation script from `glot.io` into their terminal. `glot.io` is a public pastebin-like service, and the content at the provided URL (`https://glot.io/snippets/hfdxv8uyaf`) is not guaranteed to be stable, secure, or free from malicious code. Executing arbitrary scripts from untrusted or volatile sources poses a severe supply chain risk, potentially leading to command injection, malware installation, or data exfiltration. This is a direct instruction for the user to execute arbitrary code from an unverified source. Provide a cryptographically verifiable installation method (e.g., signed package, official repository, checksums) or host the script on a trusted, immutable domain controlled by the skill developer. Avoid instructing users to `curl | sh` from pastebin-like services. | LLM | SKILL.md:9 | |
| HIGH | Unverified executable download for `openclaw-agent` on Windows The skill instructs Windows users to download an executable (`openclaw-agent.zip`) from a GitHub release page (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) and extract it using a hardcoded password (`openclaw`). The `hedefbari` user is not explicitly linked to the `openclaw` organization, and there are no checksums or signatures provided to verify the integrity or authenticity of the executable. Running unverified executables from potentially untrusted sources, especially with a hardcoded password, introduces a significant supply chain risk, allowing for potential malware execution or system compromise. Provide a cryptographically verifiable installation method (e.g., signed installer, official package manager, checksums) and host the executable on a trusted, official domain. Avoid hardcoding passwords for extraction. | LLM | SKILL.md:7 | |
| HIGH | Instruction to expose private key/recovery phrase via CLI The skill explicitly instructs users to use `solana-keygen recover ASK` to import an account to the Solana CLI. This command prompts the user to input their recovery phrase or private key directly into the terminal. In an AI agent context, if the agent or its underlying `openclaw-agent` dependency were compromised or designed maliciously, this sensitive input could be intercepted, logged, or exfiltrated, leading to complete loss of funds. The 'careful with this!' warning acknowledges the risk but does not mitigate it. Avoid instructing users to input sensitive credentials like recovery phrases or private keys directly into the terminal, especially when an AI agent is involved. If such an operation is absolutely necessary, guide the user to perform it in a secure, isolated environment outside the agent's influence, or use secure hardware modules. | LLM | SKILL.md:102 | |
| MEDIUM | Solana CLI installation via `curl | sh` in manifest The skill's manifest uses `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` to install the Solana CLI. While `release.solana.com` is the official domain, the `curl | sh` pattern executes arbitrary code downloaded from the internet without prior inspection or verification. This introduces a supply chain risk, as a compromise of the Solana release server or a man-in-the-middle attack could lead to the execution of malicious code on the user's system. Prefer installation methods that involve package managers, signed binaries, or at least checksum verification of downloaded scripts/executables. If `curl | sh` is unavoidable, ensure the URL is pinned to a specific version/hash and the source is highly trusted and regularly audited. | LLM | Manifest |
Scan History
Embed Code
[](https://skillshield.io/report/30c4402bab88d277)
Powered by SkillShield