Helius x Phantom
v1.0.0Build frontend Solana applications with Phantom Connect SDK and Helius infrastructure. Covers React, React Native, and browser SDK integration, transaction s...
⭐ 0· 200·0 current·0 all-time
byEvan@0xichigo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Helius + Phantom frontend integration) match the included SKILL.md and many reference docs. The skill documents using Phantom SDKs and Helius MCP tools (Sender, DAS, Priority Fee, Enhanced Transactions, etc.), which is appropriate for the stated goal. No unrelated binaries, env vars, or config paths are required by the skill itself.
Instruction Scope
Runtime instructions consistently tell the agent to read the reference docs, use Phantom SDKs, and prefer Helius MCP tools for API access. However, the onboarding references include an 'agenticSignup' path and MCP tools that can generate keypairs, fund wallets, and create API keys (including charging USDC). Those are legitimate for automated onboarding but expand the scope to actions that persist credentials and may incur cost; the skill tells the agent to stop and install the MCP server if MCP tools are unavailable, which is reasonable but worth highlighting.
Install Mechanism
No network-install spec is declared; the only code file is a small install.sh that copies SKILL.md and reference files into a skills directory. The script performs only local filesystem operations and prints next-step hints. No downloads from external URLs or archive extraction are present.
Credentials
The skill declares no required environment variables, which is coherent. The documentation and examples repeatedly reference HELIUS_API_KEY and recommend using setHeliusApiKey or environment variables for server-side proxies. This is proportionate to the functionality, but users should be aware the skill will instruct them (or an agent) to supply or generate API keys; those keys will be used and (per onboarding docs) persisted by MCP tooling.
Persistence & Privilege
The skill itself does not request always:true or modify other skills. But the referenced MCP tooling (and onboarding guidance) will persist API keys and keypairs to shared config paths (e.g., ~/.helius-cli/keypair.json and shared MCP config). If the agent follows the 'agenticSignup' or 'setHeliusApiKey' flows, credentials and wallet keypairs may be stored locally and could be charged USDC. This is expected for Helius onboarding but is a persistence/privilege consideration.
Assessment
This skill is coherent with its purpose: it contains documentation and an innocuous local install script and tells you to use Phantom SDKs plus Helius MCP tools. Before installing or letting an agent act: (1) decide whether you or the agent will supply a Helius API key—the skill expects HELIUS_API_KEY or use of MCP tools; (2) if you allow 'agenticSignup' or setHeliusApiKey, know those flows can generate keypairs, persist credentials to shared config, and may charge USDC—do not permit them unless you accept those costs and persistence; (3) follow the provided frontend-security proxy patterns (do not put API keys in client code); and (4) only run install.sh from a location you trust (it only copies files, but running scripts from unknown sources is always a risk). If you want to be extra cautious, inspect the MCP tool implementations or run the skill without enabling agentic signup so the agent prompts you before any billing or credential persistence actions.Like a lobster shell, security has layers — review code before you run it.
frontendvk976ht64t2dm57rv7nphc8azbh82pygcheliusvk976ht64t2dm57rv7nphc8azbh82pygclatestvk976ht64t2dm57rv7nphc8azbh82pygcmcpvk976ht64t2dm57rv7nphc8azbh82pygcsolanavk976ht64t2dm57rv7nphc8azbh82pygcwalletvk976ht64t2dm57rv7nphc8azbh82pygc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.