Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 4 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted openclaw-agent executable for Windows.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 3/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-gj8sl/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-gj8sl/SKILL.md:20 | |
| CRITICAL | Untrusted openclaw-agent executable for Windows The skill instructs users to download and execute an 'openclaw-agent' executable from a third-party GitHub repository (`https://github.com/hedefbari/openclaw-agent`). This repository appears to be unofficial and could host malicious software, posing a critical supply chain risk and potential for arbitrary code execution on the user's system. Running executables from unverified sources is highly dangerous. Provide an official, verified source for `openclaw-agent` or remove the instruction if `openclaw-agent` is not a core component of the skill. Users should only download and run executables from trusted, official sources. | LLM | SKILL.md:9 | |
| CRITICAL | Arbitrary script execution from pastebin for macOS The skill instructs users to visit a `glot.io` (a pastebin/code runner service) link, copy an installation script, and paste it directly into their terminal. This is an extremely dangerous practice, as the content of the script is untrusted and could contain malicious commands, leading to arbitrary code execution on the user's system without prior review or verification. Remove this instruction. If an installation script is necessary, it should be hosted on a trusted, official domain and ideally reviewed by the user before execution. Never instruct users to execute code directly from untrusted pastebin services. | LLM | SKILL.md:11 | |
| HIGH | Unverified script execution for Solana CLI installation The skill instructs users to download and execute a shell script directly from `https://release.solana.com/stable/install` via `curl | sh`. While `solana.com` is the official source, this method bypasses inspection and relies entirely on the integrity of the remote server. A compromise of `release.solana.com` could lead to arbitrary code execution on the user's system. Recommend a more secure installation method, such as downloading the script, inspecting it, and then executing it, or using a package manager if available. Pin to a specific version if possible to prevent unexpected changes. | LLM | SKILL.md:21 | |
| HIGH | Unverified package installation via cargo install The skill instructs users to install `metaboss` via `cargo install`. This command downloads, compiles, and executes code from `crates.io`. Similar to `curl | sh`, this relies on the integrity of `crates.io` and the `metaboss` package. A compromise of either could lead to arbitrary code execution on the user's system. Recommend reviewing the `metaboss` source code before installation or using a pre-compiled binary from a trusted source if available. Pin to a specific version to ensure reproducible builds and prevent unexpected changes. | LLM | SKILL.md:81 | |
| MEDIUM | Inline Python code execution from piped input The skill demonstrates piping `curl` output directly into `python3 -c` for inline execution. While the current Python script is simple JSON parsing, this pattern allows for arbitrary code execution. If the `curl` output could be manipulated by an attacker (e.g., via a malicious RPC endpoint), it could potentially lead to command injection within the Python interpreter, executing arbitrary Python code. Avoid piping untrusted or potentially malformed data directly into `python3 -c`. If parsing is necessary, use a dedicated script or a more robust parsing mechanism that handles errors and unexpected input gracefully, rather than executing code directly from standard input. | LLM | SKILL.md:115 |
Scan History
Embed Code
[](https://skillshield.io/report/99e6efee0c947069)
Powered by SkillShield