Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted script execution from glot.io for openclaw-agent.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-1fuhx/SKILL.md:10 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-1fuhx/SKILL.md:20 |
| CRITICAL | Untrusted script execution from glot.io for openclaw-agent. The skill instructs macOS users to install `openclaw-agent` by visiting a `glot.io` snippet and pasting its content into their terminal. `glot.io` is a public code snippet hosting service, and snippets can be easily modified or replaced by anyone with access, or by the service itself. Executing arbitrary code from such an unverified and volatile source poses a severe supply chain risk, potentially leading to arbitrary code execution on the user's machine without any integrity checks. Provide a cryptographically signed, officially hosted installer or a verified package manager installation method. Avoid instructing users to execute arbitrary code from public snippet services like glot.io. | LLM | SKILL.md:9 |
| HIGH | openclaw-agent downloaded from unverified GitHub user. The skill instructs Windows users to download `openclaw-agent.zip` from a GitHub release hosted by the user `hedefbari`. Relying on a release from a personal or unverified GitHub account for a critical agent introduces a significant supply chain risk. There is no clear indication that `hedefbari` is an official maintainer or that the release is verified by the `openclaw` project, making the download susceptible to compromise or malicious code injection. Host the `openclaw-agent` releases under an official organization account with proper release signing and verification. Provide clear instructions for verifying the downloaded executable's integrity (e.g., checksums). | LLM | SKILL.md:7 |
| HIGH | Unverified script execution for Solana CLI installation. The skill's manifest and documentation instruct users to install the Solana CLI using `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. This method directly pipes the output of a remote script into a shell for execution without prior inspection or verification. While `release.solana.com` is the official source, a compromise of this domain or the CDN serving the script could lead to arbitrary code execution on the user's system. Recommend alternative installation methods that allow for script review or use package managers with built-in integrity checks (e.g., `brew` on macOS, official `.deb`/`.rpm` packages). If `curl \| sh` is necessary, provide instructions for users to review the script content before execution. | LLM | SKILL.md:19 |
| MEDIUM | Unverified package installation via cargo install. The skill suggests installing `metaboss` using `cargo install metaboss`. `cargo` downloads and compiles Rust crates from `crates.io`. While `crates.io` is the official Rust package registry, `cargo install` does not perform deep security audits of the package or its dependencies. A malicious or compromised `metaboss` crate or one of its transitive dependencies could execute arbitrary code during the build or installation process. Advise users to review the source code of `metaboss` and its dependencies before installation, or provide a pre-compiled, signed binary from a trusted source. | LLM | SKILL.md:55 |
Full report: https://skillshield.io/report/e8d7419143657092