> For the complete documentation index, see [llms.txt](https://docs.j.tools/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.j.tools/help-and-security/phantom-warnings.md).
# Phantom warnings explained
Phantom sometimes shows a yellow caution banner when you approve a transaction on J Tools. On the token tools, that banner is usually expected and does not mean anything is wrong. This page explains why it appears, how J Tools signs to keep it quiet, and how to tell a normal banner from a genuine warning you should never ignore.
{% hint style="info" %}
**About wallet warnings.** Some tools sign more than one thing in a single step, for example creating a token and its metadata together. Phantom can show a caution banner for these multi-step transactions. The banner is expected here and does not mean something is wrong. Read what you are signing, then approve.
{% endhint %}
## Why the banner shows up
Some tools do more than one thing in a single step. Creating a token, for example, mints the token and writes its metadata in the same transaction. A pool create-and-buy lands the pool and the first buy together. These are multi-step, multi-signer transactions, and wallets treat anything that signs more than one instruction with extra care.
Phantom adds a banner when a transaction is more complex than a plain one-to-one transfer, or when the destination is a program it has not seen you interact with before. The banner is a prompt to slow down and read, not a verdict that the transaction is malicious.
So on a fresh token mint, a new pool, or a bundled buy, a caution banner is the normal case. It would be stranger if it did not appear.
## How J Tools signs (the wallet-first rule)
Phantom flags tools that pre-build a transaction and then sign-and-send it in one step. When extra signers are baked into a transaction before the wallet ever sees it, Phantom reads that as a higher-risk pattern and can throw a strong red warning, even on a perfectly safe mint.
J Tools follows the wallet-first signing rule that Phantom documents for exactly this case:
{% stepper %}
{% step %}
### Your wallet signs first
For any multi-signer transaction, J Tools hands it to your wallet for signature before any other key touches it. You approve what you can see.
{% endstep %}
{% step %}
### Extra signers come after
Only once your wallet has signed do the additional signers (for example, a brand-new mint keypair) add their signatures.
{% endstep %}
{% step %}
### The app broadcasts
J Tools sends the fully-signed transaction to the network. The platform never holds your keys and never signs on your behalf.
{% endstep %}
{% endstepper %}
Single-signer actions (a normal transfer, a revoke) stay on the simpler sign-and-send path, because there is nothing extra to order. The wallet-first rule is reserved for the multi-signer tools where it changes how Phantom reads the transaction.
## Expected banner vs. real red flag
Most of the time you will see the calmer, expected banner. Learn what it looks like so the rare real warning stands out.
{% tabs %}
{% tab title="Expected (read and approve)" %}
* A yellow or neutral **caution** banner on a multi-step tool: token create, create-and-buy, bundled buy or sell, an LP create.
* Wording about the transaction being **complex** or an app Phantom has **not seen before**.
* The token amount, the fee, and the destination all match what J Tools showed you on the fee card.
This is the normal case. Read what you are signing, confirm the numbers line up, then approve.
{% endtab %}
{% tab title="Real red flag (stop)" %}
* A **red** "this could be malicious" warning that you cannot make sense of against what the tool said it would do.
* A request to **send SOL or tokens to an address you did not expect**, or an amount far larger than the fee card.
* A prompt that appears on a **plain single transfer** where nothing multi-step should be happening.
* Anything that asks for a **seed phrase or private key**. J Tools never does this. Walk away from any site or popup that does.
When the warning does not match the action, reject it. Nothing is committed until you approve.
{% endtab %}
{% endtabs %}
The banner asks you to check; the numbers tell you whether to trust it. If the destination and amount match the fee summary J Tools showed before you clicked, an expected banner is fine. If they do not, reject and ask before trying again.
## A quick checklist before you approve
| Check | What to confirm |
| ----------- | --------------------------------------------------------------------------------- |
| Tool | You are on the J Tools tool you meant to use, on `j.tools`. |
| Amount | The token and SOL amounts match the fee card. |
| Fee | The platform fee and network cost are what the app displayed. |
| Destination | Any transfer goes where you expect, not a surprise address. |
| Color | Yellow caution on a multi-step tool is normal. An unexplained red warning is not. |
{% hint style="warning" %}
Approving a transaction is the point of no return for that action. Read the wallet popup every time, even when the banner is the expected one. A banner you understand is safe to approve; a warning you cannot explain is not.
{% endhint %}
## FAQ
Does the caution banner mean J Tools did something risky?
No. On multi-step tools the banner is the normal response to a transaction that signs more than one instruction. It is Phantom asking you to read carefully, not a sign that the transaction is unsafe.
Why do I see a strong red warning on one tool but not another?
Multi-signer tools (token create, create-and-buy, bundles) are the ones wallets scrutinize hardest. J Tools signs these wallet-first to keep the warning down to a calm caution. If you get an unexplained red warning that does not match what the tool said it would do, reject it.
Can J Tools turn the banner off?
No, and it should not. The banner lives inside your wallet, which is exactly where a final check belongs. J Tools controls how it builds and signs transactions (wallet-first for multi-signer tools), but the wallet's own warnings stay under your control.
Will J Tools ever ask for my seed phrase or private key?
Never. All signing happens in your wallet, browser-side. If any page or popup asks you to paste a seed phrase or private key, it is not J Tools. Close it.
## Related reading
{% content-ref url="/pages/RCcBxUR7MVUlMnKtpvp0" %}
[Our security model](/help-and-security/model.md)
{% endcontent-ref %}
{% content-ref url="/pages/l7qpz78KpqXAZwvtDo7t" %}
[Quick start](/getting-started/quick-start.md)
{% endcontent-ref %}
{% content-ref url="/pages/Rodo9tl731yuAyBheYkO" %}
[Error codes](/reference/error-codes.md)
{% endcontent-ref %}
{% hint style="success" %}
**J Tools is non-custodial.** We never hold your private keys and never ask for them. Every transaction is built in your browser and signed by your own wallet. If any page ever asks you to paste a private key, stop, close it, and let us know.
{% endhint %}
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.j.tools/help-and-security/phantom-warnings.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.