Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unpinned Solana CLI installation via curl | sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-9ahmt/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-9ahmt/SKILL.md:20 | |
| CRITICAL | Instruction to execute unverified script from public snippet service The skill instructs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their Terminal. `glot.io` is a public code snippet hosting service where content can be easily modified or replaced by the snippet owner at any time. This poses an extreme command injection and supply chain risk, as users are directed to execute arbitrary, potentially malicious code without any verification. Remove instructions to execute code from unverified public snippet services. If an external tool is required, provide a direct, version-pinned download link from a trusted source with hash verification, or integrate it into the skill's manifest installation process with proper pinning. | LLM | SKILL.md:10 | |
| HIGH | Unpinned Solana CLI installation via curl | sh The skill's manifest installs the Solana CLI using `curl -sSfL https://release.solana.com/stable/install | sh`. This method executes arbitrary code downloaded from the internet. The use of the `stable` tag instead of a specific version or cryptographic hash makes it vulnerable to supply chain attacks if the content at the URL is compromised or maliciously altered. Pin the Solana CLI installation to a specific version or cryptographic hash. For example, download a specific versioned tarball, verify its hash, and then install. Avoid `curl | sh` for unpinned versions. | LLM | Manifest | |
| HIGH | Unpinned openclaw-agent download from GitHub 'latest' release The skill instructs Windows users to download `openclaw-agent` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. Downloading the `latest` release means the content is not version-pinned and can change without notice. A malicious actor compromising the GitHub repository could replace the `latest` release with a trojaned version, leading to a supply chain attack. The use of a hardcoded password `openclaw` for extraction is also a minor concern, as it offers no additional security if the archive itself is compromised. Pin the download to a specific versioned release (e.g., `v1.2.3`) and provide a cryptographic hash (SHA256) for integrity verification. Avoid using `latest` tags for critical dependencies. | LLM | SKILL.md:8 | |
| MEDIUM | Unpinned metaboss installation via cargo install The skill instructs users to install `metaboss` using `cargo install metaboss`. This command installs the latest available version of the `metaboss` crate from crates.io. Without specifying a version, the installation is susceptible to supply chain attacks if a malicious version of `metaboss` is published to the registry. Specify a pinned version for `cargo install` (e.g., `cargo install metaboss --version 0.1.0`) or provide instructions for verifying the installed package. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/cadd1647851a0526)
Powered by SkillShield