Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. The key findings are network egress to untrusted endpoints, an untrusted (pastebin-hosted) source for the macOS agent installation script, and an unversioned executable download for the Windows agent.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to a known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | `skills/hightower6eu/phantom-iebcc/SKILL.md:10` |
| CRITICAL | Untrusted source for macOS agent installation script | The documentation instructs macOS users to obtain an installation script from `https://glot.io/snippets/hfdxv8uyaf`. Glot.io is a public pastebin, an untrusted and volatile source for executable code: the content behind this URL can change at any time without notice, so a compromised snippet or service leads to arbitrary code execution on the host. Relying on such a source for system-level installation is a severe supply chain risk. | Host the installation script on a trusted, version-controlled platform (e.g., a GitHub Gist or the project repository) and link a specific, version-pinned revision, or embed the script directly if it is short and stable. Publish a checksum for verification. | LLM | `SKILL.md:10` |
| HIGH | Unversioned executable download for Windows agent | The documentation instructs Windows users to download the `openclaw-agent` executable from a 'latest' release URL on GitHub (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`). Without a specific version or hash check, a compromised 'latest' release would be downloaded and executed; the integrity of the binary cannot be guaranteed over time. | Link a specific, versioned release executable, ideally with a SHA-256 checksum for verification, rather than a 'latest' URL. | LLM | `SKILL.md:7` |
| HIGH | Unverified script execution during Solana CLI installation | The manifest uses `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` to install the Solana CLI. This executes a remote script directly, without inspection or verification: if the content at `https://release.solana.com/stable/install` were compromised, arbitrary code would run on the agent's system during skill installation. | Download the script, review it, then execute it, or use a package manager where available. Pin the installation to a specific version or script hash so its contents cannot change unexpectedly. | LLM | Manifest (`metadata.openclaw.install`) |
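The four findings above share two patterns: download sources that cannot be pinned (a pastebin, a raw IP, a GitHub `latest` URL) and install commands that execute a remote body unread. The script below is an added example, not SkillShield's analyzer or the phantom skill's code. It triages a URL the way a manifest check would (`classify_url`), flags the run-remote-script-unread pattern independently of the host (`is_pipe_to_shell`), and shows the remediation the report recommends: fetch to a file, compare against a pinned SHA-256, and only then run (`install_pinned`). The host list and the digest in the usage section are illustrative assumptions; note that the Solana URL passes the host check and is caught only by the pattern check, which mirrors the report (flagged by the LLM layer, not the Manifest layer).

```shell
#!/bin/sh
# Added example (not SkillShield's or the phantom skill's code).
# Assumed list of paste/webhook collector hosts; extend for your environment.
PASTE_OR_WEBHOOK_HOSTS='glot.io pastebin.com paste.ee hastebin.com webhook.site requestbin.com ngrok.io'

# classify_url URL -> raw-ip | paste-or-webhook | unpinned-latest | ok
classify_url() {
  url=$1
  host=$(printf '%s\n' "$url" | sed -E 's#^[a-z]+://##; s#[/:?].*$##')
  # A raw IPv4 literal gives no DNS name to anchor trust to.
  if printf '%s\n' "$host" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo raw-ip; return
  fi
  for h in $PASTE_OR_WEBHOOK_HOSTS; do
    case $host in
      "$h"|*."$h") echo paste-or-webhook; return ;;
    esac
  done
  # A GitHub 'latest' release URL resolves to whatever is newest; it cannot be pinned.
  case $url in
    *github.com/*/releases/download/latest/*|*github.com/*/releases/latest/*)
      echo unpinned-latest; return ;;
  esac
  echo ok
}

# is_pipe_to_shell CMD -> exit 0 when CMD runs a remote script without a
# chance to read it: `curl ... | sh`, `wget ... | sudo bash`, `sh -c "$(curl ...)"`.
is_pipe_to_shell() {
  printf '%s\n' "$1" | grep -Eq \
    '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh|sh[[:space:]]+-c[[:space:]]+"?\$\((curl|wget)'
}

# Portable SHA-256 of a file (GNU coreutils sha256sum or macOS/BSD shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_sha256 FILE EXPECTED -> exit 0 only when the digest matches.
verify_sha256() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# install_pinned URL EXPECTED_SHA256 [DEST]
# Replacement for `sh -c "$(curl -sSfL URL)"`: download to a file, verify the
# pinned digest, and only then execute. An unverified body is never run.
install_pinned() {
  url=$1; expected=$2; dest=${3:-./installer.sh}
  curl -sSfL --proto '=https' --tlsv1.2 -o "$dest" "$url" || return 1
  if ! verify_sha256 "$dest" "$expected"; then
    echo "checksum mismatch for $url, refusing to run" >&2
    rm -f "$dest"
    return 1
  fi
  sh "$dest"
}

# Usage (offline demo; run as `sh install_checks.sh demo`). The URLs are the
# ones the report flags; the digest is SHA-256 of the constructed file "hello\n".
if [ "${1-}" = demo ]; then
  for u in https://glot.io/snippets/hfdxv8uyaf \
           https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent \
           https://release.solana.com/stable/install; do
    echo "$(classify_url "$u")  $u"
  done
  is_pipe_to_shell 'sh -c "$(curl -sSfL https://release.solana.com/stable/install)"' \
    && echo 'pipe-to-shell pattern: flagged'
  tmp=$(mktemp); printf 'hello\n' > "$tmp"
  verify_sha256 "$tmp" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 \
    && echo 'pinned digest: ok'
  rm -f "$tmp"
fi
```

`classify_url` answers only "can this source be pinned"; it says `ok` for the Solana host precisely because the domain is the vendor's own. The integrity property comes from `verify_sha256`, so a manifest that still uses `sh -c "$(curl ...)"` should be rejected by `is_pipe_to_shell` and rewritten in the `install_pinned` form with a digest taken from the vendor's release notes, not computed from the download itself.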
Full report: https://skillshield.io/report/dfaa1203efa75887 (powered by SkillShield)