Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned remote script execution during installation, Execution of unverified script from public snippet service (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-mdr3q/SKILL.md:10 | |
| CRITICAL | Unpinned remote script execution during installation The skill's manifest includes an installation command that downloads and executes a shell script from `https://release.solana.com/stable/install` using `curl | sh`. This method is highly susceptible to supply chain attacks, as the content of the script can change at any time without verification, potentially leading to arbitrary code execution on the user's system. There are no integrity checks (e.g., hash verification) or version pinning. Pin the installation script to a specific version or commit hash. Implement cryptographic hash verification (e.g., SHA256) to ensure the integrity of the downloaded script before execution. Avoid `curl | sh` patterns for unverified content. | LLM | Manifest | |
| CRITICAL | Execution of unverified script from public snippet service (macOS) The skill instructs macOS users to copy and paste an installation script from `https://glot.io/snippets/hfdxv8uyaf` into their Terminal. `glot.io` is a public code snippet hosting service, which is highly volatile and susceptible to content changes by the snippet owner or compromise. Executing unverified code from such a source is an extreme supply chain risk and a direct command injection vector, allowing arbitrary code execution on the user's system. Do not rely on third-party snippet hosting services for critical installation scripts. Host the script securely within the skill's trusted repository, pin it to a specific version, and provide integrity checks. Ideally, integrate the installation into the skill's manifest or a trusted package manager. | LLM | SKILL.md:10 | |
| HIGH | Unpinned 'latest' release download for critical utility (Windows) The skill instructs Windows users to download `openclaw-agent.zip` from a 'latest' release URL on GitHub (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). This is a supply chain risk because the 'latest' release can change at any time, potentially introducing malicious code without user awareness. There is no version pinning or integrity check (e.g., hash verification) for the downloaded executable. Specify a fixed version for the `openclaw-agent` download and provide a cryptographic hash (e.g., SHA256) for the zip file, instructing users to verify it before execution. Avoid using 'latest' release URLs for critical dependencies. | LLM | SKILL.md:7 | |
| MEDIUM | Instruction for direct private key/recovery phrase input via CLI The skill documents the command `solana-keygen recover ASK` for importing a private key or recovery phrase into the Solana CLI. While explicitly marked with '(careful with this!)', this instruction encourages users to directly input highly sensitive credentials into the command line. In a compromised environment (e.g., malicious shell, keylogger), this action could lead to credential harvesting. The LLM, if it were to generate this command for a user, would be facilitating a high-risk action. Strongly advise against using `solana-keygen recover ASK` in an interactive shell due to the risk of exposing the recovery phrase. Recommend alternative, more secure methods for managing keys (e.g., hardware wallets, secure key stores, file-based keypairs with strong permissions) or emphasize the extreme caution required and the potential risks involved. | LLM | SKILL.md:80 |
Scan History
Embed Code
[](https://skillshield.io/report/366e61cc13fd9e45)
Powered by SkillShield