Trust Assessment
fairscale-solana received a trust score of 72/100, placing it in the Caution category: the skill has security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding (1 critical, 0 high, 0 medium, 0 low): unsanitized input used in a shell command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above. The aggregate score does not offset the critical finding: a command-injection path in a script that runs on the host warrants review on its own before the skill is deployed.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unsanitized input used in shell command | LLM | scripts/check_wallet.sh:11 |

The `WALLET` and `API_KEY` variables are interpolated directly into a `curl` command string without sanitization or quoting. If either value contains shell metacharacters (`;`, `&`, `|`, `$(...)`, backticks), the shell executes them when it re-parses the string, so an attacker who controls a wallet address or API key can run arbitrary commands on the host. Inputs should be strictly validated by format before they reach a command line: a Solana wallet address is base58 text of 32 to 44 characters, and anything outside that alphabet should be rejected outright. Format validation is the robust fix because it also rules out argument injection, where an unquoted value such as `x -o /tmp/out` is word-split and `curl` reads `-o` as an option. For shell scripts, quote each variable with `printf %q` before interpolating it into a command string. Alternatively, use a language with a subprocess API that does not re-parse arguments through a shell (e.g. Python's `subprocess.run` with `shell=False`).
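As an added example (not the skill's own `scripts/check_wallet.sh`, which this report does not reproduce), the following POSIX shell script shows the pattern the finding describes next to a hardened version. The vulnerable function builds the `curl` invocation as a string and re-parses it with `eval`; the hardened one validates the wallet address against the Solana base58 format, bounds the API key to a fixed character set (an assumed format), and passes each value to `curl` as its own argument. A `shquote` helper gives the POSIX equivalent of the `printf %q` quoting recommended above for cases where a command string is unavoidable. The endpoint `api.example.invalid` is a placeholder, and `CURL_BIN` lets the demo substitute `echo` for `curl` so it runs offline.

```shell
#!/bin/sh
# Added illustration, not fairscale-solana's check_wallet.sh: the command-
# injection shape the finding describes, next to a hardened equivalent.
# Assumptions: endpoint api.example.invalid, API-key character set below.
set -eu

# Program that receives the request. The demo and tests set CURL_BIN=echo so
# nothing is sent anywhere; in real use leave it as curl.
CURL_BIN="${CURL_BIN:-curl}"

# VULNERABLE (assumed shape of the finding): the invocation is assembled as
# one string and re-parsed with eval, so `;`, `|`, `$(...)` or backticks in
# WALLET or API_KEY are executed as shell syntax.
unsafe_fetch() {
  wallet="$1"; api_key="$2"
  cmd="$CURL_BIN -sS -H 'Authorization: Bearer $api_key' https://api.example.invalid/wallet/$wallet"
  eval "$cmd"
}

# A Solana address is base58 (digits 1-9 and letters except 0, O, I, l) and
# 32 to 44 characters long. Anything else is rejected before any command runs.
is_solana_address() {
  printf '%s' "$1" | grep -Eq '^[1-9A-HJ-NP-Za-km-z]{32,44}$'
}

# Assumed key format: a bounded set of URL- and shell-safe characters.
is_api_key() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9._-]{16,128}$'
}

# HARDENED: validate the format, then hand each value to curl as its own
# argv entry. No string is re-parsed, so metacharacters stay ordinary bytes.
safe_fetch() {
  wallet="$1"; api_key="$2"
  is_solana_address "$wallet" || { echo "rejected wallet address" >&2; return 2; }
  is_api_key "$api_key" || { echo "rejected api key" >&2; return 2; }
  set -- "$CURL_BIN" -sS -H "Authorization: Bearer $api_key" \
    "https://api.example.invalid/wallet/$wallet"
  "$@"
}

# When a command string is unavoidable (e.g. passed to `ssh host "$cmd"`),
# quote every word so the shell sees exactly one argument. This is the POSIX
# equivalent of bash's printf %q: single-quote the value and turn embedded
# single quotes into '\''. (Command substitution drops trailing newlines.)
shquote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Same request as unsafe_fetch, but with every interpolated value quoted.
quoted_fetch_cmd() {
  printf '%s -sS -H %s %s' "$CURL_BIN" \
    "$(shquote "Authorization: Bearer $2")" \
    "$(shquote "https://api.example.invalid/wallet/$1")"
}

# Run `sh check_wallet_example.sh --demo` to see all paths offline.
if [ "${1:-}" = "--demo" ]; then
  CURL_BIN=echo
  echo '--- unsafe_fetch with a malicious wallet (second line is the injected command):'
  unsafe_fetch 'abc; echo INJECTED' 'KEY-of-at-least-16-chars'
  echo '--- safe_fetch with the same input:'
  safe_fetch 'abc; echo INJECTED' 'KEY-of-at-least-16-chars' || echo "(rejected, exit status $?)"
  echo '--- quoted command string, evaluated: the payload stays inside the URL argument:'
  eval "$(quoted_fetch_cmd 'abc; echo INJECTED' 'KEY-of-at-least-16-chars')"
  echo '--- safe_fetch with the System Program address:'
  safe_fetch '11111111111111111111111111111111' 'KEY-of-at-least-16-chars'
fi
```

The validation regexes do the real work: a value that passes `is_solana_address` has no room for `;`, whitespace or quotes, so even a later refactor that reintroduces string building has nothing to inject. `shquote` is kept for the case the finding names, a command that must exist as a string; prefer the argv form in `safe_fetch` whenever the script runs the command itself.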
[Full SkillShield report](https://skillshield.io/report/24494955573f2a93)