Trust Assessment
phantom received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote script execution during skill installation, Untrusted content instructs user to execute script from a public pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/phantom-ygmjc/SKILL.md:10 | |
| CRITICAL | Untrusted content instructs user to execute script from a public pastebin The skill's documentation, provided as untrusted content, instructs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf` and execute the script found there. `glot.io` is a public code pastebin service where content can be easily modified by anyone. Instructing users to execute arbitrary scripts from such a volatile and untrusted source poses a severe supply chain risk and command injection vulnerability, as it grants full system access to potentially malicious code. This instruction is presented within content that the analyzer is explicitly told to treat as untrusted. Remove instructions to execute scripts from untrusted or volatile sources. Provide a direct link to a signed binary, a reputable package manager installation, or a script hosted on a controlled, version-controlled repository (e.g., GitHub Gist with a specific commit hash). | LLM | SKILL.md:14 | |
| HIGH | Remote script execution during skill installation The skill manifest defines an installation step that executes a shell command `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. This command downloads and executes a script from `https://release.solana.com` without prior inspection. This constitutes a command injection vulnerability and a supply chain risk, as a compromise of the remote server or the script could lead to arbitrary code execution on the user's system during skill installation. Avoid `curl | sh` for installations. Prefer using package managers, signed binaries, or scripts hosted on controlled, version-controlled repositories with checksum verification. | LLM | SKILL.md:1 | |
| HIGH | Untrusted content instructs user to expose private key via CLI The skill's documentation, provided as untrusted content, instructs users on how to export a private key from Phantom Wallet and import it into the Solana CLI using `solana-keygen recover ASK`. While this is a user-initiated action and not direct skill code exfiltration, it guides the user through a highly sensitive operation that involves handling cryptographic secrets. If the user's environment is compromised or they are not careful, following these instructions could lead to credential harvesting. The instruction explicitly warns "careful with this!", acknowledging the inherent risk of exposing private keys. Advise users against exporting private keys unless absolutely necessary. If required, emphasize extreme caution, recommend using hardware wallets, and suggest performing such operations in isolated, secure environments. Clearly state the risks associated with exposing private keys. | LLM | SKILL.md:81 |
Scan History
Embed Code
[](https://skillshield.io/report/5c3f88cbfa6e185f)
Powered by SkillShield