Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 4 critical, 2 high, 2 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unsafe `curl | sh` installation method for Solana CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-7rrh8/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-7rrh8/SKILL.md:20 | |
| CRITICAL | Unofficial `openclaw-agent` executable download source The skill instructs users to download `openclaw-agent.zip` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. The `hedefbari` GitHub user is not the official `openclaw` organization, indicating a potential typosquatting or unofficial source. Running executables from untrusted sources can lead to arbitrary code execution, malware infection, and system compromise. Provide an official, verified source for `openclaw-agent` or remove the dependency if it's not critical. If the dependency is legitimate, ensure the URL points to the official project. | LLM | SKILL.md:9 | |
| CRITICAL | Execution of arbitrary script from untrusted pastebin (`glot.io`) The skill instructs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into Terminal. `glot.io` is a public pastebin service, and executing scripts from such sources is highly dangerous. The content of the script is untrusted and could contain malicious commands, leading to arbitrary code execution and system compromise. Provide an official, verified source for `openclaw-agent` or remove the dependency. If the dependency is legitimate, host the script on a trusted domain with integrity checks. | LLM | SKILL.md:12 | |
| HIGH | Unsafe `curl | sh` installation method for Solana CLI The skill manifest uses `curl -sSfL https://release.solana.com/stable/install | sh` to install the Solana CLI. This method executes arbitrary code downloaded from the internet without prior inspection, posing a supply chain risk. A compromise of the `release.solana.com` domain or the script itself could lead to arbitrary code execution on the host system during skill installation. Recommend using a package manager (e.g., Homebrew, apt) if available, or downloading a signed binary and verifying its integrity before execution. Alternatively, provide a Docker image or a more controlled installation method. | LLM | SKILL.md | |
| HIGH | Potential command injection via `python3 -c` with user-controlled input The "Quick Balance Check" command pipes `curl` output to `python3 -c` for processing. The Python script includes a user-controlled placeholder `<ADDRESS>`. If an attacker or a manipulated LLM can inject malicious code into the `<ADDRESS>` variable that breaks out of the Python string, it could lead to arbitrary command execution on the host system. Avoid piping untrusted input directly into `python3 -c` with string formatting. Instead, use a more robust parsing method that safely handles user input, such as passing the address as an argument to a Python script or using a dedicated JSON parsing tool that doesn't execute arbitrary code. | LLM | SKILL.md:92 | |
| MEDIUM | Installation of third-party Rust package (`metaboss`) The skill instructs users to install `metaboss` using `cargo install metaboss`. This introduces a dependency on a third-party package from `crates.io`. While `crates.io` is generally trusted, malicious or compromised packages can exist, posing a supply chain risk. Advise users to verify the authenticity and integrity of `metaboss` before installation. Consider providing a specific version or hash for installation to mitigate risks from future malicious updates. | LLM | SKILL.md:60 | |
| MEDIUM | Potential command injection via `watch` with user-controlled input The "Monitor Address" command uses `watch -n 5 "solana balance <ADDRESS>"`. The `<ADDRESS>` placeholder is user-controlled. If an attacker or a manipulated LLM can inject shell commands into the `<ADDRESS>` variable, it could lead to arbitrary command execution on the host system. Ensure that user-provided input for `<ADDRESS>` is properly sanitized and escaped before being used within shell commands, especially when passed to commands like `watch` that execute arbitrary strings. | LLM | SKILL.md:115 |
Scan History
Embed Code
[](https://skillshield.io/report/20d19c33d91449da)
Powered by SkillShield