helius-phantom

Enables developers to build frontend Solana applications using Phantom Connect SDK and Helius infrastructure for seamless wallet integration.

Install this skill

74/100

Security score

The helius-phantom skill was audited on Jun 13, 2026 and we found 22 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 281

Access to .env file

SourceSKILL.md

281	- Store API keys in server-only environment variables (`.env.local` in Next.js, never `NEXT_PUBLIC_`)

low line 279

External URL reference

SourceSKILL.md

279	- Only Helius Sender (`https://sender.helius-rpc.com/fast`) is browser-safe without an API key — proxy everything else through a backend

low line 289

External URL reference

SourceSKILL.md

289	- Use the HTTPS Sender endpoint from the browser: `https://sender.helius-rpc.com/fast` — NEVER use regional HTTP endpoints from the browser (CORS fails)

low line 304

External URL reference

SourceSKILL.md

304	- ALWAYS use Orb (`https://orbmarkets.io`) for transaction and account explorer links — never XRAY, Solscan, Solana FM, or any other explorer

low line 305

External URL reference

SourceSKILL.md

305	- Transaction link format: `https://orbmarkets.io/tx/{signature}`

low line 306

External URL reference

SourceSKILL.md

306	- Account link format: `https://orbmarkets.io/address/{address}`

low line 307

External URL reference

SourceSKILL.md

307	- Token link format: `https://orbmarkets.io/token/{token}`

low line 321

External URL reference

SourceSKILL.md

321	- Phantom Portal: `https://phantom.com/portal`

low line 323

External URL reference

SourceSKILL.md

323	- @phantom/react-sdk (npm): `https://www.npmjs.com/package/@phantom/react-sdk`

low line 324

External URL reference

SourceSKILL.md

324	- @phantom/browser-sdk (npm): `https://www.npmjs.com/package/@phantom/browser-sdk`

low line 325

External URL reference

SourceSKILL.md

325	- @phantom/react-native-sdk (npm): `https://www.npmjs.com/package/@phantom/react-native-sdk`

low line 327

External URL reference

SourceSKILL.md

327	- Phantom Sandbox: `https://sandbox.phantom.dev`

low line 328

External URL reference

SourceSKILL.md

328	- @solana/kit (npm): `https://www.npmjs.com/package/@solana/kit`

low line 331

External URL reference

SourceSKILL.md

331	- Helius Docs: `https://www.helius.dev/docs`

low line 332

External URL reference

SourceSKILL.md

332	- LLM-Optimized Docs: `https://www.helius.dev/docs/llms.txt`

low line 333

External URL reference

SourceSKILL.md

333	- API Reference: `https://www.helius.dev/docs/api-reference`

low line 334

External URL reference

SourceSKILL.md

334	- Billing and Credits: `https://www.helius.dev/docs/billing/credits.md`

low line 335

External URL reference

SourceSKILL.md

335	- Rate Limits: `https://www.helius.dev/docs/billing/rate-limits.md`

low line 336

External URL reference

SourceSKILL.md

336	- Dashboard: `https://dashboard.helius.dev`

low line 337

External URL reference

SourceSKILL.md

337	- Full Agent Signup Instructions: `https://dashboard.helius.dev/agents.md`

low line 339

External URL reference

SourceSKILL.md

339	- Orb Explorer: `https://orbmarkets.io`

low line 349

External URL reference

SourceSKILL.md

349	- Using regional HTTP Sender endpoints from the browser — CORS preflight fails on HTTP endpoints. Use `https://sender.helius-rpc.com/fast` (HTTPS).

Scanned on Jun 13, 2026

View Security Dashboard

Installation guide →

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

openclaw frontend react mobile frontend-developer product-manager growth-pm development product

dattb-birdeye/skills