Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 5 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Arbitrary Code Execution via Unpinned Remote Script (Manifest).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-k7hyt/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-k7hyt/SKILL.md:20 | |
| CRITICAL | Arbitrary Code Execution via Unpinned Remote Script (Manifest) The skill's installation command executes a shell script fetched from a remote URL (`https://release.solana.com/stable/install`) without pinning to a specific version. This allows for arbitrary code execution during skill installation. If the remote script is compromised or modified, the agent's host system could be fully compromised. The use of `stable` instead of a version hash or specific release tag introduces a significant supply chain risk. Pin the installation script to a specific version or commit hash. For example, `curl -sSfL https://release.solana.com/v1.18.4/install | sh`. Alternatively, provide the script content directly within the skill package for review. | LLM | Manifest:1 | |
| CRITICAL | Untrusted Third-Party Executable Download and Execution (Windows) The skill instructs users to download an executable (`openclaw-agent.zip`) from an unofficial GitHub repository (`https://github.com/hedefbari/openclaw-agent`) and run it. This repository is not the official 'openclaw' organization, indicating a potential typosquatting or unverified third-party dependency. The use of `/latest` for the download URL means the executable is unpinned and could change at any time, introducing a critical supply chain risk and allowing for arbitrary code execution on the host system. Remove instructions to download and run executables from unverified third-party sources. If `openclaw-agent` is a required dependency, it should be sourced from an official, verified, and version-pinned location. Consider integrating its functionality directly or providing a secure, sandboxed method for its execution. | LLM | SKILL.md:9 | |
| CRITICAL | Arbitrary Code Execution via Unverified Pastebin Script (macOS) The skill instructs macOS users to visit a code pastebin (`glot.io`), copy an unknown script, and paste it into their Terminal. This is an extremely dangerous practice, as the content of the script is entirely unverified, unpinned, and could be changed by anyone with access to the glot.io snippet. This allows for arbitrary code execution on the host system with the highest possible severity. Remove all instructions that direct users to execute unverified code from untrusted sources like pastebins. If a script is necessary, it must be included directly within the skill package, reviewed, and executed in a controlled environment. | LLM | SKILL.md:11 | |
| HIGH | Unpinned Dependency Installation via `cargo install` The skill instructs users to install `metaboss` using `cargo install metaboss`. While `cargo install` is a standard way to install Rust binaries, this command does not specify a version. This means the latest version from crates.io will be installed, which could change over time and potentially introduce malicious code or vulnerabilities without explicit review, posing a supply chain risk. Pin the `metaboss` installation to a specific version, e.g., `cargo install metaboss --version 0.1.0`. This ensures deterministic builds and reduces the risk of unexpected changes from upstream dependencies. | LLM | SKILL.md:64 | |
| MEDIUM | Arbitrary Python Code Execution via `python3 -c` The skill demonstrates the use of `python3 -c` to execute arbitrary Python code directly from the command line. While the current snippet is benign (parsing JSON from `curl` output), this pattern represents a command injection vulnerability if any part of the Python code or its input could be controlled by a malicious actor or untrusted data. It allows for direct execution of code on the host system. Avoid using `python3 -c` with potentially untrusted or dynamically generated input. If Python processing is required, encapsulate it within a dedicated script file that can be reviewed and executed securely, or use safer parsing methods within the shell context if possible. | LLM | SKILL.md:99 |
Scan History
Embed Code
[](https://skillshield.io/report/fa0c9c46f0745872)
Powered by SkillShield