helius-phantom
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: CRITICAL
Full Analysis
- [COMMAND_EXECUTION]: Documentation includes instructions for installing the Helius MCP server and generating projects using npx commands such as `npx helius-mcp@latest` and `npx create-solana-dapp@latest`.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing various official Solana and Phantom libraries via standard package registries (NPM), including `@phantom/react-sdk` and `@solana/kit`.
- [SAFE]: The skill includes rigorous security guidelines, specifically instructing developers to never expose Helius API keys in frontend code and to use server-side proxies for sensitive operations.
- [SAFE]: The flagged URL `https://sandbox.phantom.dev` is the official developer environment provided by Phantom for testing wallet integrations and is a legitimate resource.
- [SAFE]: Data ingestion points for blockchain data via Helius DAS and Enhanced Transactions APIs are used for application display purposes, with documentation highlighting the need for server-side verification for sensitive operations.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata