Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 1 high, 1 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, remote code execution (curl/wget output piped to a shell), and unverified remote script execution during installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to a known exfiltration/webhook service. Recommendation: review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-pjnom/SKILL.md:10 |
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Recommendation: never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-pjnom/SKILL.md:20 |
| CRITICAL | **Instruction to execute arbitrary script from untrusted pastebin.** The skill instructs macOS users to copy and paste an installation script from `glot.io` (a public pastebin service) directly into their Terminal. This is extremely dangerous because the script content is unverified and could be modified by anyone, potentially containing malicious commands leading to arbitrary code execution, data exfiltration, or system compromise. Recommendation: remove instructions to execute unverified scripts from untrusted sources; provide a secure, verifiable installation method (e.g., signed package, official repository, or clear instructions for reviewing the script content from a trusted source). | LLM | SKILL.md:11 |
| CRITICAL | **Instruction to download and run unverified binary from GitHub.** The skill instructs Windows users to download and run an executable (`openclaw-agent.zip`) directly from a GitHub release by an unknown user (`hedefbari`). Running unverified binaries from untrusted sources can lead to arbitrary code execution, system compromise, or malware infection. The mention of a password for the zip (`openclaw`) does not mitigate this risk. Recommendation: provide a secure, verifiable installation method for `openclaw-agent`, such as an official installer with checksums, a trusted package manager, or clear instructions for verifying the binary's authenticity (e.g., code signing, trusted source). | LLM | SKILL.md:8 |
| HIGH | **Unverified remote script execution during installation.** The skill's installation manifest executes a remote shell script directly via `curl \| sh`. This practice bypasses local review and verification, posing a significant supply chain risk. If the remote script source (https://release.solana.com/stable/install) were compromised, arbitrary code could be executed on the user's system during skill installation. While common for CLI tools, it is recommended to review the script content before execution. Recommendation: for automated systems, consider fetching the script, hashing it, and comparing against a known good hash, or using a more secure installation method if available (e.g., a trusted package manager). | LLM | Manifest |
| MEDIUM | **Installation of third-party package via `cargo install`.** The skill instructs users to install `metaboss` via `cargo install`. While `cargo` is a legitimate package manager, installing packages from public registries always carries a supply chain risk. A compromised package or a typosquatting attack could lead to the execution of malicious code on the user's system. Recommendation: advise users to verify the authenticity and integrity of packages before installation; consider pinning versions or using a private registry for critical dependencies to mitigate risks associated with public package registries. | LLM | SKILL.md:60 |