Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 3 critical, 1 high, 3 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted script execution from glot.io for openclaw-agent.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 34/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-kief4/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-kief4/SKILL.md:20 | |
| CRITICAL | Untrusted script execution from glot.io for openclaw-agent The skill instructs users to visit a `glot.io` URL, copy an installation script, and paste it into their Terminal to install `openclaw-agent`. `glot.io` is a public pastebin service and is not a secure or reliable source for distributing executable code. The content of the snippet can change at any time, potentially introducing malicious code that would be executed with the user's privileges. This practice is equivalent to `curl | sh` from an arbitrary, untrusted source, posing a severe supply chain risk. Provide a secure, official distribution method for `openclaw-agent` (e.g., signed binaries, official package manager, or a script hosted on a trusted, version-controlled domain). Avoid instructing users to copy-paste from untrusted pastebin services. | LLM | SKILL.md:9 | |
| HIGH | Potential command injection in `watch` command via unsanitized address The example `watch -n 5 "solana balance <ADDRESS>"` directly interpolates the `<ADDRESS>` placeholder into a shell command string. If the AI agent substitutes `<ADDRESS>` with user-controlled input containing shell metacharacters (e.g., `;`, `|`, `$`, `\`, `` ` ``), it could lead to arbitrary command execution on the host system. This is a direct and high-impact command injection vector. When constructing shell commands with user-provided input, ensure all input is properly sanitized or escaped to prevent shell metacharacter interpretation. For example, use `shlex.quote()` in Python or similar functions in other languages. | LLM | SKILL.md:101 | |
| MEDIUM | Unpinned remote script execution for Solana CLI installation Both the manifest and the skill documentation instruct users to install the Solana CLI using `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. This method fetches and executes a script directly from a remote server without version pinning or integrity checks. While `release.solana.com` is the official source, a compromise of this domain or the script could lead to arbitrary code execution on the user's system. This is a common but inherently risky practice. Recommend using a package manager (e.g., Homebrew, apt, yum) if available, or providing a checksum for the downloaded script to allow for integrity verification. Pinning to a specific version or commit hash would also reduce risk. | LLM | SKILL.md:19 | |
| MEDIUM | Unpinned dependency installation via `cargo install` The skill instructs users to install `metaboss` using `cargo install metaboss`. This command fetches and compiles the latest version of the `metaboss` crate from `crates.io`. Without specifying a version, this introduces a supply chain risk where a malicious update to the `metaboss` package could lead to arbitrary code execution during installation. Specify a pinned version for `cargo install` (e.g., `cargo install metaboss --version 0.1.0`) or provide instructions for installing from a trusted, version-controlled source. | LLM | SKILL.md:70 | |
| MEDIUM | Potential command injection in Solana CLI commands via unsanitized placeholders Multiple `solana` and `spl-token` commands in the skill use placeholders like `<ADDRESS>`, `<SIGNATURE>`, `<TOKEN_MINT>`, etc. If the AI agent directly substitutes user-controlled input into these commands without proper shell escaping, an attacker could inject shell metacharacters (e.g., `;`, `|`, `&`, `$(...)`) to execute arbitrary commands. This is a pervasive pattern across many examples. Implement robust input sanitization and shell escaping for all user-provided arguments before constructing and executing shell commands. Use parameterized command execution where possible, or shell quoting functions (e.g., `shlex.quote` in Python). | LLM | SKILL.md:31 |
Scan History
Embed Code
[](https://skillshield.io/report/8621e87d586d83f1)
Powered by SkillShield