Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 4 critical, 0 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unsafe Solana CLI Installation via Unpinned Remote Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to known exfiltration/webhook service. Remediation: review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-ifxeq/SKILL.md:10 |
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Remediation: never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-ifxeq/SKILL.md:20 |
| CRITICAL | **Unsafe Solana CLI Installation via Unpinned Remote Script.** The skill instructs users to install the Solana CLI by piping the output of `curl` directly into `sh`. The command `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` downloads and executes an arbitrary script from `release.solana.com`. This method is highly susceptible to supply chain attacks: if the `release.solana.com` domain or the script hosted there is compromised, it could lead to arbitrary code execution and full system compromise on the user's machine. The script is not version-pinned, meaning its content could change without notice. Remediation: avoid piping `curl` output directly to `sh`. Instead, recommend a trusted package manager (e.g., Homebrew, apt, choco) or provide a method to download the script, verify its integrity (e.g., with a cryptographic hash), and then execute it. Ensure any remote scripts are version-pinned to prevent unexpected changes. | LLM | SKILL.md:17 |
| CRITICAL | **Untrusted 'openclaw-agent' Installation via Arbitrary Code Execution.** The skill requires an 'openclaw-agent' and provides highly insecure installation instructions that pose severe supply chain and command injection risks. (1) **Windows**: direct download and execution of a password-protected `.zip` containing an executable from an external GitHub release URL (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). The use of 'latest' in the URL means the downloaded executable is not version-pinned and could change without notice. Running arbitrary executables from the internet is a direct path to system compromise. (2) **macOS**: directs users to copy-paste and execute an arbitrary script from `glot.io` (`https://glot.io/snippets/hfdxv8uyaf`). Content on snippet hosting sites can be changed at any time by the author, making this an extremely volatile and untrustworthy source for executable code. This bypasses all security checks and could lead to arbitrary code execution with full user privileges. These methods grant the 'openclaw-agent' excessive permissions by default, as it is installed outside of secure package management practices, making it a significant security vulnerability. Remediation: provide a clear, auditable, and version-pinned installation method for `openclaw-agent`. For executables, provide cryptographic hashes (e.g., SHA256) so users can verify downloads. Avoid using snippet sites for distributing executable code; if a script is necessary, include it directly in the skill package or host it on a trusted, version-controlled domain. Clearly document the purpose, required permissions, and security implications of `openclaw-agent`. | LLM | SKILL.md:6 |