Skillv1.0.0

ClawScan security

Helius x Phantom · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 11, 2026, 6:30 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and runtime instructions are consistent with its stated purpose (building Phantom + Helius frontends); nothing requests unrelated credentials or installs unexpected binaries, but the references and instructions do allow autonomous account/signup flows and persistent API key storage so be aware of cost and persistence implications before using those paths.
Guidance: This skill is coherent with its purpose: it contains documentation and an innocuous local install script and tells you to use Phantom SDKs plus Helius MCP tools. Before installing or letting an agent act: (1) decide whether you or the agent will supply a Helius API key—the skill expects HELIUS_API_KEY or use of MCP tools; (2) if you allow 'agenticSignup' or setHeliusApiKey, know those flows can generate keypairs, persist credentials to shared config, and may charge USDC—do not permit them unless you accept those costs and persistence; (3) follow the provided frontend-security proxy patterns (do not put API keys in client code); and (4) only run install.sh from a location you trust (it only copies files, but running scripts from unknown sources is always a risk). If you want to be extra cautious, inspect the MCP tool implementations or run the skill without enabling agentic signup so the agent prompts you before any billing or credential persistence actions.

Review Dimensions

Purpose & Capability: okThe name/description (Helius + Phantom frontend integration) match the included SKILL.md and many reference docs. The skill documents using Phantom SDKs and Helius MCP tools (Sender, DAS, Priority Fee, Enhanced Transactions, etc.), which is appropriate for the stated goal. No unrelated binaries, env vars, or config paths are required by the skill itself.
Instruction Scope: noteRuntime instructions consistently tell the agent to read the reference docs, use Phantom SDKs, and prefer Helius MCP tools for API access. However, the onboarding references include an 'agenticSignup' path and MCP tools that can generate keypairs, fund wallets, and create API keys (including charging USDC). Those are legitimate for automated onboarding but expand the scope to actions that persist credentials and may incur cost; the skill tells the agent to stop and install the MCP server if MCP tools are unavailable, which is reasonable but worth highlighting.
Install Mechanism: okNo network-install spec is declared; the only code file is a small install.sh that copies SKILL.md and reference files into a skills directory. The script performs only local filesystem operations and prints next-step hints. No downloads from external URLs or archive extraction are present.
Credentials: noteThe skill declares no required environment variables, which is coherent. The documentation and examples repeatedly reference HELIUS_API_KEY and recommend using setHeliusApiKey or environment variables for server-side proxies. This is proportionate to the functionality, but users should be aware the skill will instruct them (or an agent) to supply or generate API keys; those keys will be used and (per onboarding docs) persisted by MCP tooling.
Persistence & Privilege: noteThe skill itself does not request always:true or modify other skills. But the referenced MCP tooling (and onboarding guidance) will persist API keys and keypairs to shared config paths (e.g., ~/.helius-cli/keypair.json and shared MCP config). If the agent follows the 'agenticSignup' or 'setHeliusApiKey' flows, credentials and wallet keypairs may be stored locally and could be charged USDC. This is expected for Helius onboarding but is a persistence/privilege consideration.