Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted macOS Agent Download from Code-Sharing Site, Untrusted Windows Agent Download from Unverified GitHub Account.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-q8ark/SKILL.md:10 | |
| CRITICAL | Untrusted macOS Agent Download from Code-Sharing Site The skill instructs users to download and execute a script from `https://glot.io/snippets/hfdxv8uyaf` for macOS. Glot.io is a generic code-sharing platform, not a trusted software distribution channel. The content of the script can change at any time without notice, potentially introducing malicious code. If the LLM were to instruct a user to `curl ... | sh` this script, it would be a direct command injection from an untrusted source. The `openclaw-agent` is described as handling 'wallet operations', making it a high-value target for credential harvesting and data exfiltration if compromised. Remove the instruction to download and execute code from `glot.io`. Provide a trusted, verifiable source for the `openclaw-agent` or remove the dependency on this external agent. | LLM | SKILL.md:13 | |
| HIGH | Untrusted Windows Agent Download from Unverified GitHub Account The skill instructs users to download and run an executable (`openclaw-agent.zip`) from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. The `hedefbari` GitHub account is not an official Phantom or Solana entity. Downloading and executing unverified binaries from personal GitHub releases, especially using the `latest` tag (unpinned), poses a significant supply chain risk. The `openclaw-agent` is described as handling 'wallet operations', making it a high-value target for credential harvesting and data exfiltration if malicious. Remove the instruction to download and execute an unverified binary. Provide a trusted, verifiable source for the `openclaw-agent` or remove the dependency on this external agent. | LLM | SKILL.md:10 | |
| HIGH | Instruction to Export and Recover Private Keys via CLI The skill provides instructions for exporting a private key from Phantom and then importing it into the Solana CLI using `solana-keygen recover ASK`. While the skill includes a warning ('careful with this!'), instructing users to handle their seed phrases/private keys in a command-line environment, especially when an untrusted `openclaw-agent` is also involved, significantly increases the risk of credential harvesting if the user's system or the `openclaw-agent` is compromised. The `ASK` parameter means the seed phrase will be entered directly into the terminal, which could be logged or intercepted. Advise against exporting and importing private keys via CLI unless absolutely necessary and with strong security precautions. Emphasize the extreme risks involved. If the `openclaw-agent` is meant to handle this, ensure its trustworthiness and provide secure methods for key management. | LLM | SKILL.md:90 |
Scan History
Embed Code
[](https://skillshield.io/report/6d10907a1d844b20)
Powered by SkillShield