Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted Code Execution from Pastebin (openclaw-agent macOS), Unverified Binary Download from Unofficial GitHub (openclaw-agent Windows).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-pcue3/SKILL.md:10 |
| CRITICAL | Untrusted Code Execution from Pastebin (openclaw-agent macOS) | The skill instructs users to download and execute an installation script for 'openclaw-agent' from `glot.io`, a public code pastebin. Executing arbitrary scripts from untrusted pastebin services poses an extreme supply chain risk, as the content can be modified at any time by an attacker. This could lead to system compromise, data exfiltration, or credential harvesting without the user's knowledge or consent. | Host the `openclaw-agent` installation script on a trusted, version-controlled platform (e.g., a signed release on GitHub, an official package manager) and provide cryptographic hashes for verification. Avoid instructing users to copy-paste from arbitrary web pages or untrusted sources. | LLM | SKILL.md:10 |
| HIGH | Unverified Binary Download from Unofficial GitHub (openclaw-agent Windows) | The skill instructs users to download an executable (`openclaw-agent.zip`) from a personal GitHub repository (`hedefbari/openclaw-agent`) using a `latest` tag. This source is not an official `openclaw` organization, and the use of `latest` means the specific version is unpinned and could change without notice. Downloading and executing unverified binaries from unofficial or untrusted sources introduces a significant supply chain risk, potentially leading to the execution of malicious code on the user's system. | Host the `openclaw-agent` binary on an official, verified domain or repository. Provide cryptographic hashes (e.g., SHA256) for integrity verification. Pin to specific versions instead of `latest` to ensure reproducibility and prevent unexpected changes. | LLM | SKILL.md:8 |
| HIGH | Instruction to Export and Re-import Private Key | The skill provides explicit instructions for exporting a user's private key from Phantom Wallet and then importing it into the Solana CLI using `solana-keygen recover ASK`. While a warning 'careful with this!' is included, instructing an agent or user to handle private keys in this manner creates a high risk of credential harvesting or accidental data exfiltration. If the environment is compromised, the agent logs sensitive input, or the user is tricked into providing the key to a malicious entity, the private key could be compromised. The `ASK` parameter implies interactive input, which an LLM could be prompted to capture. | Avoid instructing users or agents to export and re-import private keys directly. If CLI access is necessary, explore secure alternatives like hardware wallet integration, secure enclaves, or temporary, limited-scope key usage. If absolutely necessary, emphasize extreme caution, secure environment requirements, and strong warnings against automation or logging of sensitive input. | LLM | SKILL.md:70 |