Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Mandatory installation of untrusted third-party agent for wallet interaction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-1xv96/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-1xv96/SKILL.md:20 | |
| CRITICAL | Mandatory installation of untrusted third-party agent for wallet interaction The skill explicitly requires users to install and run an `openclaw-agent` from highly untrusted sources (a GitHub user's release page for Windows, and a `glot.io` pastebin for macOS). This agent is stated to be essential for 'blockchain operations and wallet interactions,' which strongly implies it handles sensitive data like private keys or seed phrases. Instructing users to download and execute arbitrary binaries or scripts from unverified third-party sources (especially pastebins) is a severe supply chain risk (SS-LLM-006), enabling potential credential harvesting (SS-LLM-004), data exfiltration (SS-LLM-002), or arbitrary command injection (SS-LLM-003) on the user's system. The mention of a password (`openclaw`) for the Windows zip file further raises suspicion. Remove the requirement for `openclaw-agent`. If its functionality is genuinely needed, it must be implemented using trusted, auditable, open-source methods or official, well-vetted tools. Never instruct users to download and execute binaries or scripts from untrusted third-party sources or pastebin-like services. | LLM | SKILL.md:7 | |
| HIGH | `curl | sh` installation method for Solana CLI in manifest The skill's manifest defines an installation command `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` for the Solana CLI. While `release.solana.com` is an official source, the `curl | sh` pattern is inherently risky. It executes a script directly downloaded from the internet without prior inspection or verification. If the remote server were compromised, or a man-in-the-middle attack occurred, malicious code could be executed on the system. This introduces a supply chain vulnerability (SS-LLM-006) and a potential command injection vector (SS-LLM-003) during skill installation. Replace `curl | sh` with a more secure installation method, such as downloading a signed package, verifying its integrity (e.g., via checksums), and then installing it. Alternatively, provide instructions for installing via a package manager if available and preferred. | LLM | Manifest (frontmatter JSON) | |
| MEDIUM | Installation of `metaboss` via `cargo install` The skill instructs users to install `metaboss` using `cargo install metaboss`. While `cargo install` is the standard way to install Rust crates, it relies on the integrity of the `crates.io` registry and the `metaboss` package itself. This introduces a supply chain risk (SS-LLM-006) where a compromised `crates.io` or a malicious `metaboss` package (e.g., typosquatting, malicious updates) could lead to arbitrary code execution. For security-sensitive skills, it is best practice to either pin the version of the dependency (`cargo install metaboss --version X.Y.Z`) or provide instructions for auditing the source code before installation. Consider bundling necessary tools or using a more controlled installation mechanism if possible. | LLM | SKILL.md:67 |
Scan History
Embed Code
[](https://skillshield.io/report/0c44d7fbdce0e32c)
Powered by SkillShield