helius-phantom
Fail
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill is a developer-focused toolkit providing architectural patterns and code references for Solana development. It contains no executable code other than a standard installation script.\n- [COMMAND_EXECUTION]: The install.sh script performs standard file system operations to copy the skill and its references to the user's local configuration directory. This is expected behavior for skill installation.\n- [EXTERNAL_DOWNLOADS]: The skill refers to official and well-known services including Phantom (phantom.com, phantom.dev), Helius (helius.dev, helius-rpc.com), and the Helius MCP server (npx helius-mcp@latest). These are legitimate vendor resources used for their intended purpose.\n- [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The documentation explicitly advises users to avoid exposing API keys in client-side code and provides secure proxy patterns for backend integration.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata