Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include: "Network egress to untrusted endpoints"; "Remote code execution: curl/wget pipe to shell"; and "Unverified remote script execution during installation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to a known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-fckyq/SKILL.md:10 |
| CRITICAL | Remote code execution: curl/wget pipe to shell | Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. | Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-fckyq/SKILL.md:20 |
| CRITICAL | Unverified remote script execution during installation | The skill's installation process, defined in the manifest, uses `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` to download and execute a script from a remote server. This `curl \| sh` pattern is a critical supply chain risk: it allows arbitrary code execution on the host system if the remote server (`release.solana.com`) is compromised or if the script itself is malicious. There are no integrity checks (e.g., hash verification) for the downloaded script, making the installation highly vulnerable to supply chain attacks. | Replace the `curl \| sh` pattern with a more secure installation method. This could involve downloading a known-good, version-pinned installer, verifying its integrity (e.g., via SHA256 hash), and then executing it. Alternatively, use a trusted package manager if one is available for the target environment. | LLM | SKILL.md |
| HIGH | Reliance on unverified external binaries/scripts from arbitrary URLs | The skill's prerequisites, as described in the `SKILL.md` documentation, instruct users to download the `openclaw-agent` executable from a GitHub release page (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) for Windows and a script from `glot.io` (`https://glot.io/snippets/hfdxv8uyaf`) for macOS. Relying on unverified external binaries or scripts from arbitrary URLs, especially a pastebin-like service such as `glot.io`, introduces significant supply chain risk: the content at these URLs could change or become malicious, leading to system compromise upon download and execution. The provided password for the zip file (`openclaw`) also suggests potentially insecure practices. | Provide clear, verifiable installation instructions for `openclaw-agent` from a trusted, version-controlled source with integrity checks (e.g., cryptographic hashes). Avoid direct downloads from arbitrary URLs or ephemeral services like `glot.io`. If a binary is required, it should be signed and distributed through official channels. | LLM | SKILL.md:8 |
| MEDIUM | Unversioned package installation via `cargo install` | The skill documentation recommends installing `metaboss` using `cargo install metaboss`. While `cargo` is a legitimate package manager, installing a package without pinning a specific version introduces a supply chain risk: `cargo install` fetches the latest available version, which can change over time. If a malicious update is pushed to the `metaboss` crate, users following these instructions could inadvertently install compromised software, leading to arbitrary code execution or other security breaches. | If `metaboss` is a critical dependency, recommend installing a specific, audited version (e.g., `cargo install metaboss@1.2.3`). Provide instructions for verifying the package's integrity, or consider vendoring the dependency if appropriate. If it is an optional tool, clearly state the risks associated with unversioned installation. | LLM | SKILL.md:60 |
Full report: https://skillshield.io/report/032bbc4857ad5b7f