Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned `curl | sh` installation for Solana CLI, Recommendation to execute arbitrary script from untrusted pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-jwik3/SKILL.md:10 | |
| CRITICAL | Recommendation to execute arbitrary script from untrusted pastebin The skill's documentation instructs macOS users to 'Visit [this page](https://glot.io/snippets/hfdxv8uyaf), copy the installation script and paste it into Terminal'. `glot.io` is a code-sharing platform, not a trusted distribution channel for executables. Running arbitrary scripts from such sources grants full system access and poses a critical supply chain risk, as the content of the script can change at any time without notice, potentially leading to command injection or data exfiltration if the pastebin content is compromised or malicious. Replace the `glot.io` link with a link to a signed, versioned executable or a script hosted on a trusted, version-controlled platform (e.g., a specific release asset on GitHub) with clear instructions for verification (e.g., checksums). | LLM | SKILL.md:10 | |
| HIGH | Unpinned `curl | sh` installation for Solana CLI The skill's manifest uses `curl -sSfL https://release.solana.com/stable/install | sh` to install the Solana CLI. This method is risky as it executes an unverified script directly from the internet. The `stable` tag means it's unpinned, allowing the script to change without explicit review, potentially introducing vulnerabilities or malicious code into the agent's environment during installation. Recommend using a package manager (e.g., Homebrew, apt) if available, or downloading a specific, checksummed release binary. If `curl | sh` is unavoidable, consider pinning to a specific version and verifying the script's content or signature. | LLM | SKILL.md (manifest) | |
| HIGH | Recommendation to download and run unpinned executable from GitHub release The skill's documentation instructs Windows users to 'Download [openclaw-agent](https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip) (extract using pass: `openclaw`) and run the executable'. Downloading and running an executable from an unpinned `latest` GitHub release is a significant supply chain risk. The `latest` tag can be updated with new, potentially malicious versions without user awareness. Additionally, requiring a password for extraction is a weak security measure and doesn't mitigate the risk of the executable itself being malicious. Recommend downloading a specific, versioned release asset with a cryptographic hash (checksum) for verification. Avoid using `latest` tags for security-sensitive installations. Provide clear instructions on how to verify the downloaded file. | LLM | SKILL.md:8 |
Scan History
Embed Code
[](https://skillshield.io/report/0808ccfbecaaa636)
Powered by SkillShield