Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Direct execution of unverified remote shell script during installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-dgipr/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-dgipr/SKILL.md:20 | |
| CRITICAL | Untrusted and unpinned sources for `openclaw-agent` dependency The skill instructs users to install `openclaw-agent` from highly untrusted and unpinned sources. For macOS, it directs users to `https://glot.io/snippets/hfdxv8uyaf`, a pastebin-like service where content can be altered at any time without notice, allowing for arbitrary code injection. For Windows, it uses an unpinned `latest` release from GitHub, which could be replaced with a malicious version if the repository is compromised. Both methods lack integrity verification. Replace the `glot.io` link with a script hosted on a trusted, version-controlled platform (e.g., within the skill package or a dedicated, signed release). For both platforms, provide version-pinned download links with cryptographic checksums (e.g., SHA256) for integrity verification. | LLM | SKILL.md:6 | |
| HIGH | Direct execution of unverified remote shell script during installation The skill's installation command in the manifest directly executes a shell script downloaded from `https://release.solana.com/stable/install` without any integrity verification (e.g., checksum). This poses a significant supply chain risk, as a compromise of the remote server could lead to arbitrary code execution on the host system during skill installation. Implement checksum verification for downloaded scripts, or provide a more secure installation method (e.g., package manager with signed packages). Pinning to a specific version or hash of the script would also mitigate some risk. | LLM | SKILL.md | |
| MEDIUM | Command injection risk through unsanitized user input in shell commands Multiple example commands in the skill use placeholders like `<ADDRESS>`, `<SIGNATURE>`, and `<TOKEN_MINT>`. If the AI agent or an end-user provides input containing shell metacharacters (e.g., `$(command)`, `&&`, `|`, `;`) into these placeholders without proper sanitization, it could lead to arbitrary command execution on the host system. This is a common vulnerability in skills that construct shell commands dynamically. The AI agent's execution environment must rigorously sanitize or escape all user-provided input before substituting it into shell commands. For example, by quoting arguments or using a command execution library that separates command and arguments. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/c600553833f94091)
Powered by SkillShield