helius-phantom
Fail
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill provides comprehensive instructions for integrating Phantom Wallet and Helius infrastructure, focusing on standard development workflows for the Solana blockchain.
- [SAFE]: It explicitly prohibits exposing sensitive API keys in client-side code and provides detailed proxy patterns for Next.js, Express, and Cloudflare Workers to keep credentials secure on the server.
- [SAFE]: External references and dependencies, including Phantom, Helius, Metaplex, Jito, and Orb Markets, are well-known and trusted services within the technology and blockchain ecosystem.
- [SAFE]: The provided code templates for token-gating and payment verification include robust security measures, such as timestamped message signing to prevent replay attacks and server-side validation against on-chain data.
- [SAFE]: Automated scanner flags for the Phantom sandbox URL and SKILL.md metadata were evaluated and determined to be false positives based on the official nature of the services and the instructional content of the files.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata