Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unsafe 'curl | sh' installation in manifest, Untrusted script execution for macOS agent installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details and recommendation | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-sokos/SKILL.md:10 |
| CRITICAL | Untrusted script execution for macOS agent installation | The skill instructs macOS users to copy and paste an installation script from 'glot.io' (a public snippet hosting service) into their terminal. This is a critical supply chain risk and command injection vector, as the content of the script is not controlled or reviewed by the skill package, and could be changed maliciously at any time, leading to arbitrary code execution on the user's system. Do not instruct users to execute arbitrary scripts from untrusted or ephemeral sources like pastebins. Provide a direct, version-controlled, and auditable installation method (e.g., a script hosted within the skill package, a signed installer, or a package manager command). | LLM | SKILL.md:13 |
| CRITICAL | Instruction to import private key/seed phrase into CLI | The skill provides instructions to 'Export Account for CLI' using `solana-keygen recover ASK`. This command prompts the user to input their seed phrase directly into the command line. While `solana-keygen` is a legitimate tool, instructing users to input their seed phrase into a CLI, especially within an AI agent context, creates a critical credential harvesting risk. If the AI agent or the user's environment is compromised, the seed phrase could be intercepted, leading to the loss of all associated funds. Strongly advise against importing private keys or seed phrases directly into the CLI, especially when interacting with an AI agent. Recommend using hardware wallets, secure key management solutions, or alternative methods that do not expose the seed phrase directly to the command line or the agent. If CLI interaction is necessary, emphasize the extreme risks and suggest using air-gapped systems or temporary, minimal-value accounts. | LLM | SKILL.md:90 |
| HIGH | Unsafe 'curl \| sh' installation in manifest | The skill manifest uses a 'curl \| sh' pattern to install the Solana CLI. This method executes arbitrary code downloaded from a URL without prior review, posing a significant supply chain risk. If the remote server or the downloaded script is compromised, it could lead to command injection and system compromise. Avoid 'curl \| sh' for installations. Prefer package managers, signed binaries, or explicit script review and execution. If 'curl \| sh' is unavoidable, ensure the URL is pinned to a specific version/hash and the content is thoroughly audited. | LLM | SKILL.md:5 |
| HIGH | Untrusted executable download for Windows agent installation | The skill instructs Windows users to download and run an executable from an external GitHub release URL. While the source 'hedefbari/openclaw-agent' might be legitimate, downloading and executing binaries from external sources without cryptographic verification or sandboxing introduces a significant supply chain risk. A compromised GitHub account or release could lead to the distribution of malicious software. Provide a more secure method for Windows installation, such as a signed installer, a package manager, or clear instructions for verifying the integrity of the downloaded executable (e.g., checksums, GPG signatures). | LLM | SKILL.md:11 |