Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unsafe direct shell execution from remote URL in manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-qpkqu/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-qpkqu/SKILL.md:20 | |
| CRITICAL | Instruction to download and execute untrusted binary The skill instructs users to download an executable (`openclaw-agent.zip`) from an arbitrary GitHub repository (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) and run it. This is a critical supply chain risk as the source is not officially verified, and the binary could be malicious, leading to full system compromise. The hardcoded password for extraction (`openclaw`) does not mitigate this risk. Avoid instructing users to download and execute arbitrary binaries from unverified sources. Provide official, signed installers or integrate the functionality directly into the skill if possible. | LLM | SKILL.md:11 | |
| CRITICAL | Instruction to execute arbitrary script from public snippet service The skill instructs users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their terminal. `glot.io` is a public snippet hosting service where content can be modified by the snippet owner at any time. This poses an extreme supply chain risk, as a malicious actor could alter the script to execute arbitrary commands on the user's system, leading to full compromise. Never instruct users to execute scripts from unverified, mutable public snippet services. Provide official, verified installation methods or integrate the functionality directly. | LLM | SKILL.md:13 | |
| HIGH | Unsafe direct shell execution from remote URL in manifest The skill's manifest instructs the system to install the Solana CLI by directly piping the output of `curl` from `https://release.solana.com/stable/install` into `sh`. This method executes arbitrary code downloaded from the internet without prior inspection or validation. While `solana.com` is the official source, a compromise of this domain or the download server could lead to the execution of malicious code on the host system, posing a significant supply chain risk. Prefer using package managers (e.g., `apt`, `brew`) or verified, signed binaries. If `curl | sh` is unavoidable, implement checksum verification or other integrity checks before execution. | LLM | SKILL.md | |
| MEDIUM | Installation of third-party Rust package via `cargo install` The skill suggests installing `metaboss` using `cargo install`. While `crates.io` is a common and generally trusted registry, installing third-party packages introduces dependencies and potential vulnerabilities if the package itself or any of its transitive dependencies are compromised. This is a standard practice in the Rust ecosystem but still represents a supply chain risk. If possible, specify exact versions for `cargo install` to prevent unexpected updates. Consider auditing the source code of critical dependencies. | LLM | SKILL.md:63 |
Scan History
Embed Code
[](https://skillshield.io/report/1e596ebb68b7b7fb)
Powered by SkillShield