Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unsecured Solana CLI Installation via Curl | Sh, Untrusted Script Execution for openclaw-agent (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-vwlfb/SKILL.md:10 | |
| CRITICAL | Untrusted Script Execution for openclaw-agent (macOS) The skill instructs macOS users to copy and paste an installation script from `https://glot.io/snippets/hfdxv8uyaf` into their Terminal. `glot.io` is a pastebin-like service and is not a trusted source for software distribution. The content of the script can change at any time without notice, potentially leading to the execution of arbitrary malicious code on the user's system. This is a severe supply chain risk and a direct command injection vector if the user follows the instructions. Remove instructions to execute scripts from untrusted sources like `glot.io`. Provide a secure, verifiable installation method for `openclaw-agent`, such as an official package manager, a cryptographically signed installer, or a direct download from a trusted, version-controlled release asset with checksum verification. | LLM | SKILL.md:10 | |
| HIGH | Untrusted Executable Download for openclaw-agent (Windows) The skill instructs Windows users to download an executable (`openclaw-agent.zip`) from a specific GitHub user's repository (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). Relying on a specific user's repository for a critical agent introduces a supply chain risk. If the `hedefbari/openclaw-agent` repository or the GitHub account is compromised, users could download and execute malicious software. Provide a secure, verifiable installation method for `openclaw-agent`. This could involve distributing the agent through an official, organization-controlled GitHub release with checksums, or through a dedicated software distribution channel. Avoid instructing users to download executables from arbitrary user repositories. | LLM | SKILL.md:7 | |
| HIGH | Instructions for Private Key Export/Import The skill provides explicit instructions on how to export a private key from Phantom Wallet and import it into the Solana CLI using `solana-keygen recover ASK`. While it includes a warning ('careful with this!'), providing such instructions normalizes a highly sensitive operation. If a user follows these steps, their private key is exposed, creating a significant risk of credential harvesting if the environment (e.g., the terminal, the `openclaw-agent`, or the user's system) is compromised or if the user is later tricked into providing this key to a malicious entity. Reconsider whether providing instructions for private key export/import is necessary for the skill's core functionality. If essential, add stronger warnings about the extreme risks involved and advise users to only perform this operation in highly secure, isolated environments. Emphasize that private keys should never be shared or stored insecurely. Consider alternative, less risky methods for CLI interaction that do not require direct private key exposure. | LLM | SKILL.md:89 | |
| MEDIUM | Unsecured Solana CLI Installation via Curl | Sh The skill's manifest installs the Solana CLI using `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. While common for CLI tools, this method downloads and executes a script directly from the internet. This poses a supply chain risk, as a compromise of `release.solana.com` or an interception of the download could lead to the execution of arbitrary malicious code on the host system without prior review. Prefer using package managers (e.g., Homebrew, apt, yum) or cryptographically signed installers for dependencies. If `curl | sh` is unavoidable, ensure the URL uses HTTPS and consider adding checksum verification for the downloaded script before execution. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/4695083565c137c2)
Powered by SkillShield