Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted script execution from pastebin for macOS agent.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-imont/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-imont/SKILL.md:20 | |
| CRITICAL | Untrusted script execution from pastebin for macOS agent The skill instructs users to visit a `glot.io` snippet (a pastebin service), copy an installation script, and paste it into their terminal. This is an extremely dangerous practice as `glot.io` is an untrusted source for executable code. The content of the script is unknown and could contain arbitrary malicious commands, leading to full system compromise. This constitutes a severe supply chain risk and a direct command injection vector. Provide a verified, signed, and auditable installation method for `openclaw-agent` for macOS, preferably from a trusted package manager or the official OpenClaw repository. Avoid instructing users to copy-paste from untrusted sources like pastebin services. | LLM | SKILL.md:16 | |
| CRITICAL | Untrusted executable download from third-party GitHub for Windows agent The skill instructs users to download and run an executable (`openclaw-agent.zip`) from a third-party GitHub user (`hedefbari`) who is not officially associated with the `openclaw` organization. The instruction also provides a hardcoded password (`openclaw`) for extraction. This poses a severe supply chain risk, as the executable could be malicious, leading to system compromise. The use of an unverified third-party source for a critical agent is highly suspicious. Provide a verified, signed, and auditable installation method for `openclaw-agent` for Windows, preferably from the official OpenClaw repository or a trusted distribution channel. Do not instruct users to download executables from unverified third-party sources. | LLM | SKILL.md:13 | |
| HIGH | Unpinned Solana CLI installation via `curl | sh` The skill's manifest and documentation instruct to install the Solana CLI using `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. This method downloads and executes a script directly from the internet without verification. While `solana.com` is a legitimate source, this pattern is vulnerable to supply chain attacks if the source or distribution network is compromised. Furthermore, installing the `stable` version without pinning to a specific release hash or version allows for silent updates, which could introduce breaking changes or malicious code without explicit user consent or review. Recommend installing Solana CLI via a trusted package manager (e.g., Homebrew on macOS, or a verified installer on Windows/Linux) or by downloading a cryptographically signed binary. If `curl | sh` is deemed necessary, at least pin to a specific version or commit hash and verify the script's checksum before execution. | LLM | SKILL.md:23 | |
| MEDIUM | Unpinned `metaboss` installation via `cargo install` The skill instructs to install `metaboss` using `cargo install metaboss`. This command installs the latest version of the `metaboss` crate from `crates.io`. While `cargo` is a legitimate package manager, installing packages without pinning to a specific version or commit hash introduces a supply chain risk. A malicious update to the `metaboss` crate could be silently installed, potentially compromising the user's system or data. Recommend pinning the `metaboss` installation to a specific version (e.g., `cargo install metaboss --version X.Y.Z`) or installing from a known, trusted source with checksum verification. | LLM | SKILL.md:64 |
Scan History
Embed Code
[](https://skillshield.io/report/044f9c8cadb622bf)
Powered by SkillShield