Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 3 critical, 2 high, 2 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Arbitrary Code Execution via glot.io script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 24/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-dddhn/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-dddhn/SKILL.md:20 | |
| CRITICAL | Arbitrary Code Execution via glot.io script The skill instructs users to copy and paste an arbitrary, unverified script from `glot.io` (a public pastebin service) into their terminal for `openclaw-agent` installation on macOS. This is a direct and critical vector for arbitrary code execution and system compromise, as the content of the script is external, unpinned, and can be changed by anyone with access to the glot.io snippet, or by glot.io itself, at any time without notice. Do not instruct users to execute unverified scripts from public pastebin services. Provide a verified, version-pinned script within the skill package or from a trusted, official source with integrity checks (e.g., checksums). | LLM | SKILL.md:11 | |
| HIGH | Unverified Executable Download for openclaw-agent The skill instructs users to download and run an executable (`openclaw-agent.zip`) from an unverified GitHub user (`hedefbari`) and an unpinned `latest` release. This poses a significant supply chain risk, as the executable's integrity and origin are not guaranteed. Its content can change without notice, potentially leading to system compromise if a malicious version is uploaded. Provide a verified, signed executable from an official, trusted source. Pin to specific versions with checksums for integrity verification to ensure users are running a known-good version. | LLM | SKILL.md:8 | |
| HIGH | Shell Command Injection in `watch` utility The command `watch -n 5 "solana balance <ADDRESS>"` directly interpolates the user-provided `<ADDRESS>` into a shell command string. If `<ADDRESS>` contains shell metacharacters (e.g., `;`, `|`, `&`, `$()`, `` ` ``), an attacker could inject and execute arbitrary shell commands on the user's system. This is a classic command injection vulnerability. Sanitize or properly escape user-provided inputs (`<ADDRESS>`) before interpolating them into shell commands. Consider using a safer method for monitoring that doesn't involve direct shell interpolation of untrusted input. | LLM | SKILL.md:100 | |
| MEDIUM | Direct Python Code Execution in `curl` pipeline The command `python3 -c "import sys,json; d=json.load(sys.stdin); print(f\"{d['result']['value']/1e9:.4f} SOL\")"` directly executes Python code provided as a string via the shell. While the current snippet processes JSON, this pattern is a direct command injection vector. If the input from `curl` could be crafted to break out of the Python string or exploit a vulnerability in the Python interpreter's handling of such a string, arbitrary code could be executed. Avoid executing arbitrary code via `python3 -c` with potentially untrusted input. If processing JSON, use a dedicated JSON parsing tool or a more robust script that handles input safely, rather than relying on direct shell execution of a Python one-liner. | LLM | SKILL.md:83 | |
| MEDIUM | Unpinned Dependency Installation (`cargo install metaboss`) The command `cargo install metaboss` installs a Rust package without specifying a version. This introduces a supply chain risk, as a malicious update to the `metaboss` package or one of its dependencies on `crates.io` could be automatically installed, leading to system compromise without user awareness or explicit consent. Pin dependencies to specific, known-good versions (e.g., `cargo install metaboss@1.2.3`) and consider using checksums for integrity verification to mitigate risks from malicious updates. | LLM | SKILL.md:54 | |
| LOW | Unpinned `curl | sh` for Solana CLI Installation The installation command `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` downloads and executes a script directly from the internet without integrity verification or version pinning. While `release.solana.com` is an official source, this method carries a supply chain risk. If the source were compromised, malicious code could be executed on the user's system. Provide a method for verifying the integrity of the downloaded script (e.g., checksums) and consider pinning to a specific version if possible to reduce the risk of supply chain attacks. | LLM | Manifest |
Scan History
Embed Code
[](https://skillshield.io/report/066690745951b8b6)
Powered by SkillShield