phantom-wallet-mcp

This skill's purpose and capabilities are coherent for interacting with a Phantom wallet via a local MCP server and the required credentials (PHANTOM_APP_ID, OAuth) are proportionate to that purpose. However, the install-and-execute pattern (`npx -y @phantom/mcp-server`) without a pinned version or integrity checks is a material supply-chain risk: it permits remote code execution under the user's account at install time and delegates trust to whatever code is fetched from npm. Persisting session tokens in ~/.phantom-mcp/session.json increases credential exposure if filesystem permissions or other software are compromised. There is no explicit evidence of malicious content in the descriptor itself, but the runtime trust model is broad and could allow credential theft or unauthorized signing if the MCP package or its network interactions were compromised. Recommend pinning package versions, adding package integrity verification, documenting secure file permissions for session storage, and auditing the @phantom/mcp-server code before deployment.