Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 3 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Arbitrary code execution from mutable external snippet for macOS agent.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-goq2i/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-goq2i/SKILL.md:20 | |
| CRITICAL | Arbitrary code execution from mutable external snippet for macOS agent The skill instructs macOS users to visit `glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their terminal. `glot.io` is a code snippet hosting service where content can be changed at any time by the author without versioning or review. This allows for arbitrary code execution on the user's machine, posing a severe supply chain risk. A malicious actor could update the snippet to install malware, exfiltrate data, or compromise the system. Do not instruct users to run unversioned, mutable code from external snippet services. Provide a direct link to a versioned script, a package manager command, or a signed executable from a trusted, audited source. | LLM | SKILL.md:11 | |
| HIGH | Unvetted executable download from third-party GitHub for Windows agent The skill instructs Windows users to download `openclaw-agent.zip` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. This is a direct download of an executable from a third-party GitHub repository. The `latest` tag means the content can change. Without auditing the source code of `hedefbari/openclaw-agent` and verifying the integrity of the downloaded executable, this poses a significant supply chain risk, as the agent could contain malicious code. Provide a link to a well-known, audited, and versioned package, or host the executable in a trusted, secure location with integrity checks (e.g., checksums). The source code of `openclaw-agent` should be made available and reviewed. | LLM | SKILL.md:9 | |
| HIGH | Critical dependency on unvetted external agent for sensitive operations The skill explicitly states that `openclaw-agent` "must be running" for "all Solana operations" and "wallet interactions." This external agent is a black box from the perspective of the skill package. Requiring an unvetted, third-party executable to handle sensitive blockchain and wallet operations introduces a significant trust burden and potential for excessive permissions. If `openclaw-agent` is compromised or malicious, it could gain full control over the user's Solana wallets and assets. Either integrate the necessary functionality directly into the skill using transparent, auditable code, or provide a clear security audit and justification for requiring such a critical external dependency. Clearly document the permissions and capabilities of `openclaw-agent`. | LLM | SKILL.md:7 | |
| MEDIUM | Installation of third-party binary via `cargo install` The skill instructs users to install `metaboss` using `cargo install metaboss`. While `crates.io` is a generally trusted package registry, installing binaries directly from package managers can introduce supply chain risks. The `metaboss` tool and its dependencies are external to the skill package and are not explicitly audited within this context. A malicious update to `metaboss` or one of its dependencies could compromise the user's system. If `metaboss` functionality is critical, consider vendoring the specific version or providing a more controlled installation method. Document the security implications of installing external tools. | LLM | SKILL.md:63 | |
| INFO | Execution of external script via `curl | sh` for Solana CLI installation The skill's manifest and documentation include an `install` command: `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. This executes a shell script downloaded directly from a URL. While `release.solana.com` is the official source and this is a common installation method, it inherently carries a risk. If `release.solana.com` were compromised, or if the `stable/install` script were maliciously altered, arbitrary code could be executed on the user's system. This is a standard practice for many CLIs but is noted for completeness as it involves direct shell execution of external content. While common, for maximum security, consider providing a checksum for the script or a more controlled installation method that verifies integrity before execution. | LLM | SKILL.md:21 |
Scan History
Embed Code
[](https://skillshield.io/report/8f7328194451e2c7)
Powered by SkillShield