Trust Assessment
phantom received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is an unsafe 'curl | sh' installation method for the Solana CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unsafe 'curl \| sh' installation method for Solana CLI. The skill's manifest uses `curl \| sh` to install the Solana CLI. This method downloads and executes a script directly from `https://release.solana.com/stable/install` without cryptographic verification or pinning to a specific version/hash. While `release.solana.com` is an official source, this pattern introduces a supply chain risk. A compromise of the Solana release server or the `install` script could lead to arbitrary code execution on the system installing the skill. Prefer using package managers (e.g., `apt`, `brew`, `npm`, `pip`) with cryptographic verification, or downloading and verifying a specific version's checksum before execution. If `curl \| sh` is necessary, consider pinning to a specific version or hash, and ensure the URL is always HTTPS. | LLM | SKILL.md:1 |