Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 4 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned remote script execution for Solana CLI installation, Unpinned remote executable download for `openclaw-agent`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-lpnfp/SKILL.md:10 | |
| CRITICAL | Unpinned remote script execution for Solana CLI installation The skill's manifest uses `curl -sSfL https://release.solana.com/stable/install | sh` to install the Solana CLI. This downloads and executes a script from a remote URL without version pinning. A compromise of `release.solana.com` or a change in the 'stable' script could lead to arbitrary code execution on the host system. The `curl | sh` pattern is inherently risky and constitutes a supply chain risk and potential command injection. Pin the Solana CLI version to a specific, immutable release. Avoid `curl | sh` for installations; prefer package managers or verified binaries with checksums. | LLM | SKILL.md (manifest):1 | |
| CRITICAL | Unpinned remote executable download for `openclaw-agent` The skill instructs users to download `openclaw-agent` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`. Using `latest` means the downloaded executable is unpinned and could change at any time. This introduces a severe supply chain risk where a malicious update to the `latest` release could lead to arbitrary code execution on the user's system if they follow the instruction. Pin the `openclaw-agent` download to a specific version and provide a checksum for verification. Avoid instructing users to download executables from unpinned 'latest' URLs. | LLM | SKILL.md:7 | |
| CRITICAL | Execution of unverified script from third-party snippet host for `openclaw-agent` installation The skill instructs macOS users to copy and paste an installation script from `https://glot.io/snippets/hfdxv8uyaf` into their Terminal. `glot.io` is a general-purpose snippet hosting service, not a trusted software distribution platform. The content of this snippet is unverified, unpinned, and could be changed by the snippet owner at any time, leading to arbitrary code execution on the user's system if they follow the instruction. This is a severe supply chain risk and a direct command injection vector. Provide a direct, version-pinned, and checksummed installation method for `openclaw-agent` on macOS, or host the script on a trusted, version-controlled platform. Avoid instructing users to execute arbitrary scripts from third-party snippet sites. | LLM | SKILL.md:9 | |
| HIGH | Instruction to export and import private key via CLI The skill provides instructions to 'Export Private Key' from Phantom and then 'Import to Solana CLI' using `solana-keygen recover ASK`. While there's a warning ('careful with this!'), instructing users to handle their private keys in this manner is highly risky. It encourages users to expose their seed phrase or private key, which could be intercepted if the environment (e.g., terminal, clipboard, LLM context) is compromised or if the user is tricked into pasting it into an insecure location. This is a direct path to credential harvesting. Strongly advise against exporting or importing private keys/seed phrases unless absolutely necessary and with extreme caution. If such an operation is critical, provide secure, offline methods and emphasize the risks. Consider if this instruction is truly essential for the skill's core functionality or if alternative, less risky methods exist. | LLM | SKILL.md:91 |
Scan History
Embed Code
[](https://skillshield.io/report/8af832b21a666d66)
Powered by SkillShield