Trust Assessment
The solana skill received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 4 critical, 1 high, 1 medium, and 0 low severity. Key findings include: network egress to untrusted endpoints; remote code execution via a curl/wget pipe to shell; and unverified script execution for the Solana CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: URL pointing to a known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-gamka/SKILL.md:10 |
| CRITICAL | Remote code execution (curl/wget pipe to shell): detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-gamka/SKILL.md:20 |
| CRITICAL | Instruction to download and run an untrusted executable: the skill instructs users to download and run an executable (`openclaw-agent.zip`) from an arbitrary GitHub repository (`github.com/hedefbari/openclaw-agent`). Running executables from unverified, external sources is extremely dangerous, as they can contain malware or backdoors, or perform malicious actions on the user's system. The skill explicitly states it requires this agent to function, making this a critical dependency risk. Remove instructions to download and run executables from untrusted sources. If `openclaw-agent` is a legitimate dependency, it should be distributed through secure, verified channels with proper integrity checks. | LLM | SKILL.md:7 |
| CRITICAL | Instruction to execute an arbitrary script from a pastebin: the skill instructs users to visit a `glot.io` snippet, copy its content, and paste it into their terminal for execution. `glot.io` is a pastebin service, not a trusted software distribution platform. The script's content is entirely untrusted and unverified, and it can be changed at any time by the snippet owner, allowing arbitrary command injection and system compromise. The skill explicitly states it requires this agent to function, making this a critical dependency risk. Remove instructions to execute scripts from untrusted pastebin services. If `openclaw-agent` is a legitimate dependency, it should be distributed through secure, verified channels with proper integrity checks. | LLM | SKILL.md:9 |
| HIGH | Unverified script execution for the Solana CLI: the skill's manifest includes an installation command that executes a shell script downloaded directly from `release.solana.com` via `curl \| sh`. While `solana.com` is a known source, this pattern bypasses package managers and checksum verification, leaving it vulnerable to supply chain attacks if the source server or the script itself is compromised. Prefer a package manager (e.g., Homebrew, apt) with checksum verification, or provide instructions for manual download and verification of the installer script. | LLM | Manifest |
| MEDIUM | Package installation from an external registry: the skill instructs users to install the `metaboss` tool using `cargo install`. While `crates.io` is a standard Rust package registry, installing packages from it still carries a supply chain risk, as malicious packages can be published or legitimate packages can be compromised. This involves fetching, compiling, and executing external code. Verify the source and integrity of the `metaboss` package. For production environments, consider vendoring dependencies or using a private registry with strict controls. | LLM | SKILL.md:63 |
| INFO | Use of `python3 -c` for output processing: the skill uses `python3 -c "..."` to parse JSON output from a `curl` command. While the Python script provided is benign and the `curl` target is a trusted Solana RPC endpoint, the `python3 -c` pattern is a known vector for command injection if the string passed to `-c` can be manipulated by untrusted input. In this specific context the risk is low, because the script is fixed and the input comes from a trusted API, but the pattern warrants caution. For robust parsing, consider a dedicated JSON parsing tool or a more controlled script execution environment, especially if any part of the command or its input could become dynamic or untrusted. | LLM | SKILL.md:94 |
Full report: https://skillshield.io/report/3dc428ede081e987