Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted executable download for Windows, Untrusted script execution from pastebin for macOS.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-ftbrg/SKILL.md:10 | |
| CRITICAL | Untrusted executable download for Windows The skill instructs users to download and run an executable from a third-party GitHub repository (hedefbari/openclaw-agent) for Windows. This poses a significant supply chain risk as the source is not officially verified and the executable could contain malicious code. The mention of a password ('openclaw') for the zip file adds to the suspicion, potentially indicating an attempt to bypass security scans or hide content. Replace instructions with a verified, secure installation method for 'openclaw-agent', or provide the agent directly within the skill package after thorough security review. Avoid directing users to download and run arbitrary executables from unverified sources. | LLM | SKILL.md:9 | |
| CRITICAL | Untrusted script execution from pastebin for macOS The skill instructs users to visit a glot.io snippet (a pastebin service) and copy-paste an installation script into their Terminal for macOS. Executing arbitrary scripts from unverified pastebin services is an extremely high supply chain risk and a direct command injection vector, as the content of the script is unknown and could be malicious. This allows for arbitrary code execution on the user's system. Remove instructions to execute scripts from unverified pastebin services. Provide a secure, verified installation method for 'openclaw-agent' or include the necessary components directly within the skill package after security review. | LLM | SKILL.md:12 | |
| HIGH | Potential Command Injection via 'open' command The skill documents a command `open "https://solscan.io/account/YOUR_ADDRESS"`. If the `YOUR_ADDRESS` placeholder is replaced by unsanitized user input by the agent, it could lead to command injection (e.g., `open "https://solscan.io/account/foo"; rm -rf /`). This allows an attacker to execute arbitrary commands on the host system. Ensure that any user-provided input used to construct shell commands is rigorously sanitized and validated. For URL parameters, encode them properly. Consider using a safer method than direct shell execution for opening URLs, if available within the agent's capabilities, or strictly whitelist allowed characters for `YOUR_ADDRESS`. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/f5bede29a218575e)
Powered by SkillShield