Exposed secret literal
- Finding: File appears to expose a hardcoded API secret or token.
Security checks across static analysis, malware telemetry, and agentic risk
The skill is mostly aligned with Solana frontend development, but it includes autonomous Helius signup, payment, upgrade, and persistent credential workflows that deserve review before use.
Before installing, verify the Helius MCP package source, avoid unpinned installs if possible, and do not allow the agent to run signup, upgrade, renewal, or payment tools unless you explicitly approve the exact amount and plan. Also review where Helius API keys, JWTs, and the local Solana keypair will be stored and how to delete or revoke them later.
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent following this guidance could create or modify a Helius account and spend USDC if the MCP tools and funded wallet are available.
The skill documents payment-capable MCP tools and describes an autonomous flow, but the provided text does not clearly require explicit final user approval before signup, upgrade, or renewal payments.
The fully autonomous signup flow, no browser needed ... `agenticSignup` — creates the account, processes USDC payment ... `upgradePlan` — executes the upgrade, processes USDC payment ... `payRenewal` ... processes the USDC payment.
Require explicit user confirmation before any signup, upgrade, renewal, or payment step; show the plan, amount, wallet, and irreversible effects before proceeding.
Future MCP or CLI sessions may retain access to the user's Helius account and local signup wallet without the user re-entering credentials.
Persistent API keys, JWTs, and a Solana keypair provide continuing account authority and are broader than the registry's declared credential/config requirements.
The MCP persists API keys and JWTs to shared config files so they survive across sessions ... Keypair: saved to `~/.helius-cli/keypair.json` ... JWT: saved to shared config for authenticated session features.
Document the exact credential paths, provide clear cleanup/revocation instructions, and tell users how to remove stored API keys, JWTs, and keypairs after setup.
The installed MCP server version may change over time, and the user is trusting code retrieved from npm during setup.
Installing an MCP server via an unpinned `@latest` npm package is a normal integration setup step here, but it leaves the installed code version and provenance dependent on the package registry at install time.
`claude mcp add helius npx helius-mcp@latest`
Verify the MCP package publisher and consider pinning a known-good version instead of using `@latest`.