ghostwright/phantom
An AI co-worker with its own computer. Self-evolving, persistent memory, MCP server, secure credential collection, email identity. Built on the Claude Agent SDK.
- Stars: 948
- Forks: 101
- Watchers: 11
- Open Issues: 24
Safety Rating A
The repository appears to be a legitimate, well-structured open source autonomous AI agent project. The API key references in the README are clearly example/instructional placeholders (sk-ant-... format shown as a template). The project openly documents its security model (AES-256-GCM credential encryption, isolated VM design) and uses standard open source components (Qdrant, Ollama, SQLite, Docker). No hardcoded production secrets, obfuscated code, exfiltration patterns, or prompt injection attempts were identified in the provided content. The Apache 2.0 license and transparent architecture documentation are consistent with a legitimate open source project.
AI-assisted review, not a professional security audit.
AI Analysis
Phantom is an autonomous AI co-worker agent built on the Claude Agent SDK (Anthropic) that operates on its own dedicated compute environment. It features persistent multi-tier vector memory (Qdrant), self-evolution (rewriting its own config after each session with LLM-judge validation), dynamic MCP tool creation, encrypted credential management (AES-256-GCM), email identity, Slack/Telegram/Webhook/Email channels, and an MCP server interface. Written in TypeScript/Bun and deployable via Docker, it is designed to install software, build infrastructure, create dashboards, and run 24/7 on a VM rather than sharing resources with the user's machine.
Use Cases
- Autonomous software engineering assistant that clones repos, sets up databases, and manages CI/CD summaries
- Self-evolving personal AI co-worker that accumulates domain-specific knowledge across sessions
- Building and serving shareable internal dashboards, APIs, and pages from a public-IP VM
- Dynamic MCP tool creation and registration for use by Claude Code and other agents
- Automated data pipelines, analytics stacks, and scheduled reporting with email delivery
Security Findings (2)
- The README and setup instructions reference an ANTHROPIC_API_KEY being set via environment variable (export ANTHROPIC_API_KEY=sk-ant-...), but this appears to be documentation/example only and not a hardcoded secret in source code. No actual keys appear embedded in the repository content provided.
- No prompt injection attempts detected in the README or metadata. All content appears to be legitimate product documentation.
Project Connections
Qdrant
Phantom explicitly uses Qdrant as its primary vector database for its three-tier persistent memory system, spinning it up as a Docker container alongside the main agent process.
Claude (Anthropic SDK)
Phantom is built directly on the Claude Agent SDK and requires an Anthropic API key; Claude models (including Sonnet) are used for both the primary agent runtime and LLM-judge validation in the self-evolution pipeline.
Ollama
Phantom uses Ollama to run local embedding models (nomic-embed-text) for its vector memory system, pulling the model at startup via Docker.
Model Context Protocol (MCP)
Phantom both consumes MCP tools and exposes its own MCP server (Streamable HTTP), allowing Claude Code and other agents to connect to it and use dynamically created tools.
Ghost OS
Ghost OS is listed as a sibling product in the Ghostwright ecosystem providing macOS accessibility and screen perception via MCP, which complements Phantom's autonomous agent capabilities when operating on a Mac environment.