Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted content instructs user to execute arbitrary script from pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-9lplb/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-9lplb/SKILL.md:20 | |
| CRITICAL | Untrusted content instructs user to execute arbitrary script from pastebin The skill's documentation (`SKILL.md`), which is treated as untrusted content, explicitly instructs macOS users to visit a pastebin URL (`https://glot.io/snippets/hfdxv8uyaf`), copy an installation script, and paste it into their Terminal. Executing arbitrary scripts from untrusted sources like pastebins is a severe security risk, allowing for arbitrary code execution with the user's privileges. This instruction attempts to bypass the skill's declared dependencies and introduce an undeclared, potentially malicious, external agent (`openclaw-agent`) that the skill claims is 'required' for functionality. Remove all instructions to install `openclaw-agent` from untrusted sources. If `openclaw-agent` is a legitimate dependency, it must be declared in the skill's manifest using secure installation methods (e.g., official package managers, verified binaries) and not via direct user execution of untrusted scripts. | LLM | SKILL.md:14 | |
| CRITICAL | Untrusted content instructs user to download and run undeclared executable from untrusted GitHub user The skill's documentation (`SKILL.md`), which is treated as untrusted content, instructs Windows users to download an executable (`openclaw-agent`) from a specific GitHub user's release page (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`). This executable is not declared in the skill's manifest and is presented as a 'required' component. Downloading and running executables from unverified third-party sources, especially when the source is a personal GitHub account rather than an official organization, poses a significant supply chain risk and can lead to arbitrary code execution and system compromise. The mention of a password (`openclaw`) for extraction further suggests a non-standard and potentially risky installation process. Remove all instructions to install `openclaw-agent` from untrusted sources. If `openclaw-agent` is a legitimate dependency, it must be declared in the skill's manifest using secure installation methods (e.g., official package managers, verified binaries). | LLM | SKILL.md:11 | |
| HIGH | Solana CLI installation uses `curl | sh` pattern in manifest The skill's manifest defines an installation command for the Solana CLI using `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. While `release.solana.com` is the official source for Solana, the `curl | sh` pattern is inherently risky as it executes code directly downloaded from the internet without prior inspection or verification. A compromise of the Solana release server or a man-in-the-middle attack could lead to arbitrary code execution during installation. Prefer installation methods that involve downloading a package, verifying its integrity (e.g., checksums, GPG signatures), and then installing it. If `curl | sh` is deemed necessary, ensure robust integrity checks are in place for the downloaded script. | LLM | Manifest | |
| MEDIUM | Installation of `metaboss` via `cargo install` without version pinning The skill's documentation (`SKILL.md`) suggests installing `metaboss` using `cargo install metaboss`. This command fetches and compiles a package from crates.io. While `cargo` provides some security features, there's still a risk of typosquatting (installing a similarly named malicious package) or a legitimate package being compromised. The skill does not specify a version, which means it will always fetch the latest, potentially introducing breaking changes or vulnerabilities if a future version is compromised. Pin dependencies to specific versions (e.g., `cargo install metaboss@1.2.3`) and consider using a `Cargo.lock` file or other mechanisms to ensure reproducible and verified builds. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/f7387819f5cfd485)
Powered by SkillShield