Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 5 critical, 2 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unsafe `curl | sh` installation method in manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-ixqvy/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-ixqvy/SKILL.md:20 | |
| CRITICAL | Unsafe `curl | sh` installation method in manifest The skill's installation command in the manifest uses `curl | sh` to download and execute a script from a remote URL (`https://release.solana.com/stable/install`). This method is inherently insecure as it executes arbitrary code from an external source without prior review or validation. An attacker could compromise the remote server or the download process to inject malicious code, leading to full system compromise. Avoid `curl | sh` for installation. Prefer package managers, signed binaries, or explicit script downloads with hash verification. If a script must be executed, download it, review it, and then execute it locally. | LLM | Manifest | |
| CRITICAL | Installation script from untrusted pastebin service (`glot.io`) The macOS installation instructions direct users to copy and paste a script from `glot.io`, a public pastebin service. This is an extremely high supply chain risk. Content on `glot.io` can be easily modified by anyone with access to the snippet, or even by the service provider. Executing arbitrary code from such a source can lead to full system compromise. Do not use public pastebin services for distributing installation scripts. Host scripts on a trusted, version-controlled platform (e.g., GitHub Gist, a dedicated repository) and provide hash verification. Ideally, package the agent for common macOS package managers. | LLM | SKILL.md:10 | |
| CRITICAL | Unsafe `curl | sh` installation method in documentation The documentation explicitly instructs users to install the Solana CLI using `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. This method executes arbitrary code from a remote URL without prior review or validation. An attacker could compromise the remote server or the download process to inject malicious code, leading to full system compromise. This is a critical supply chain risk. Avoid `curl | sh` for installation. Prefer package managers, signed binaries, or explicit script downloads with hash verification. If a script must be executed, download it, review it, and then execute it locally. | LLM | SKILL.md:20 | |
| HIGH | Unverified executable download for `openclaw-agent` The skill instructs users to download an executable (`openclaw-agent.zip`) directly from a GitHub release without providing any hash verification (e.g., SHA256 checksum). Running unverified executables from external sources introduces a significant supply chain risk, as a compromised GitHub account or release process could lead to the distribution of malicious software. Provide cryptographic hash (e.g., SHA256) for downloaded executables and instruct users to verify it before execution. Ideally, sign the executables. | LLM | SKILL.md:7 | |
| HIGH | Installation of unverified third-party tool via `cargo install` The skill instructs users to install `metaboss` using `cargo install`. While `cargo` is a legitimate package manager, installing arbitrary crates from `crates.io` without specific version pinning or auditing introduces a supply chain risk. A malicious version of `metaboss` could be published or an existing one compromised, leading to execution of arbitrary code on the user's system. Specify exact versions for `cargo install` (e.g., `cargo install metaboss --version X.Y.Z`) and ideally, audit the source code of third-party tools or use pre-compiled, signed binaries from trusted sources. | LLM | SKILL.md:59 | |
| LOW | Potential command injection via `python3 -c` with external input The skill uses `python3 -c` to execute a Python script that processes output from a `curl` command. While the `curl` target is a legitimate Solana RPC endpoint, and the Python script is designed for JSON parsing, any scenario where the `curl` output could be manipulated by an attacker to inject malicious Python code into the `sys.stdin` stream could lead to command injection. Given the context of a Solana RPC, this risk is low but not entirely zero if the RPC itself were compromised or spoofed. For processing external data, prefer using dedicated JSON parsing libraries or tools that are less susceptible to code injection than direct `eval` or `exec` like constructs. Ensure the source of the `curl` output is trusted and authenticated. | LLM | SKILL.md:90 |
Scan History
Embed Code
[](https://skillshield.io/report/5204ec298ef94400)
Powered by SkillShield