Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted script execution for `openclaw-agent` from `glot.io`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-d95dl/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-d95dl/SKILL.md:20 | |
| CRITICAL | Untrusted script execution for `openclaw-agent` from `glot.io` The skill instructs macOS users to obtain and execute an installation script for `openclaw-agent` by visiting a `glot.io` URL and manually copying/pasting its content into their Terminal. `glot.io` is a public code snippet hosting service where content can be easily modified by the snippet owner at any time. This allows for arbitrary code execution on the user's machine by a potentially malicious actor, posing a severe supply chain risk. The `openclaw-agent` is described as essential for 'blockchain operations and wallet interactions,' making this a high-impact vulnerability. Host the `openclaw-agent` installation script on a trusted, version-controlled platform (e.g., a specific release on GitHub, a dedicated domain with checksums) and provide a direct `curl` command with a checksum verification, or package it within the skill itself. Avoid instructing users to copy/paste from ephemeral snippet sites like `glot.io`. | LLM | SKILL.md:10 | |
| HIGH | Unverified `openclaw-agent` binary from arbitrary GitHub user The skill instructs Windows users to download and run an executable (`openclaw-agent.zip`) from a specific GitHub user's repository (`hedefbari`). While GitHub is a legitimate platform, relying on a binary from an individual's unverified repository, especially one critical for 'blockchain operations and wallet interactions,' introduces a significant supply chain risk. The use of `/latest/` implies an unpinned version, meaning the binary could change without notice, potentially introducing malicious code. Provide a verified, signed binary for `openclaw-agent` from a trusted source. If hosted on GitHub, use specific release tags with checksums, and ideally, provide information about the developer's identity or organization to establish trust. Avoid using `/latest/` tags for critical binaries. | LLM | SKILL.md:8 | |
| MEDIUM | Unpinned `solana` CLI installation via `curl | sh` The skill's manifest uses `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` to install the Solana CLI. While `solana.com` is the official source, executing a remote script directly via `curl | sh` without pinning a specific version or verifying a checksum introduces a supply chain risk. If the `release.solana.com` server were compromised, the installation script could be replaced with malicious code, leading to arbitrary code execution. If possible, use a package manager specific to the operating system (e.g., `brew` on macOS, `apt` on Debian/Ubuntu) or provide a direct download link to a specific versioned installer with a checksum for verification. If `curl | sh` is necessary, consider adding a checksum verification step. | LLM | Manifest | |
| LOW | Unpinned `metaboss` installation via `cargo install` The skill instructs users to install `metaboss` using `cargo install metaboss`. While `crates.io` is a legitimate package registry, `cargo install` without specifying a version means the latest version will be installed. This introduces a minor supply chain risk as a malicious update to the `metaboss` crate could be automatically installed without explicit user consent or review. Specify a pinned version for `cargo install` (e.g., `cargo install metaboss@1.2.3`) to ensure reproducibility and prevent unexpected malicious updates. | LLM | SKILL.md:59 |
Scan History
Embed Code
[](https://skillshield.io/report/cb1e95ad4b6001b2)
Powered by SkillShield