Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned Remote Script Execution in Install Command, Instruction to Execute Unverified Code from Pastebin (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-xivjh/SKILL.md:10 | |
| CRITICAL | Instruction to Execute Unverified Code from Pastebin (macOS) The skill instructs macOS users to visit `glot.io` (a public pastebin service), copy an installation script, and paste it directly into their terminal. Executing unreviewed and unverified code from an untrusted source like a pastebin is an extremely dangerous practice. The content at `glot.io` is subject to change at any time and could easily be replaced with malicious code, leading to severe command injection and system compromise. Remove the instruction to execute code from `glot.io`. Provide a secure, verifiable installation method for `openclaw-agent` on macOS, such as a signed package, a script hosted on a trusted domain with a checksum, or clear instructions for building from source. | LLM | SKILL.md:14 | |
| HIGH | Unpinned Remote Script Execution in Install Command The skill's manifest includes an `install` command that directly downloads and executes a shell script from `https://release.solana.com/stable/install`. Using a 'stable' URL instead of a pinned version (e.g., a specific release tag or commit hash) introduces a significant supply chain risk. The content of the script could change unexpectedly, potentially introducing malicious code. Direct execution of remote scripts is also a command injection vector. Pin the Solana CLI installation script to a specific version or hash. Alternatively, provide a more secure and verifiable installation method, such as a package manager or a script with a checksum. | LLM | SKILL.md:2 | |
| HIGH | Instruction to Export and Import Private Key The skill provides explicit instructions on how to export a private key from Phantom Wallet and then import it into the Solana CLI using `solana-keygen recover ASK`. While a warning ('careful with this!') is included, this instruction directly facilitates the handling of highly sensitive cryptographic credentials (private keys). If a user follows these instructions in an insecure environment or if their system is compromised, their private key could be exposed, leading to complete loss of funds. Reconsider the necessity of providing instructions for private key export/import. If absolutely essential, add much stronger, prominent warnings about the extreme risks involved. Advise users to only perform this in highly secure, isolated environments, and to fully understand the implications. Emphasize that private keys should never be shared or entered into untrusted systems or stored unencrypted. | LLM | SKILL.md:79 | |
| MEDIUM | Unpinned Executable Download for openclaw-agent (Windows) The skill instructs Windows users to download the `openclaw-agent` executable from a GitHub release using the `latest` tag (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). Relying on the 'latest' tag introduces a supply chain risk, as the content of the download can change without notice. A malicious actor could potentially replace the 'latest' release with a compromised version. Pin the download URL to a specific version or commit hash of the `openclaw-agent` executable. Ideally, provide a cryptographic checksum (e.g., SHA256) for users to verify the integrity of the downloaded file. | LLM | SKILL.md:12 |
Scan History
Embed Code
[](https://skillshield.io/report/bfb12f65eb889893)
Powered by SkillShield