Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 4 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted installation source for critical agent (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-rpozu/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-rpozu/SKILL.md:20 | |
| CRITICAL | Untrusted installation source for critical agent (macOS) The skill requires 'openclaw-agent' for 'blockchain operations and wallet interactions'. The macOS installation instructions direct users to download and execute a script from `glot.io`, a pastebin service. This is an extremely insecure method for distributing software, as the content can be changed at any time by the snippet owner, potentially leading to arbitrary code execution, credential harvesting, or system compromise. Distribute 'openclaw-agent' from a trusted, version-controlled source (e.g., official GitHub releases, package manager) with cryptographic signatures. Avoid pastebin services for distributing executable code. | LLM | SKILL.md:10 | |
| CRITICAL | Untrusted executable for critical agent (Windows) The skill requires 'openclaw-agent' for 'blockchain operations and wallet interactions'. The Windows installation instructions direct users to download an executable from a GitHub user (`hedefbari`) who is not officially associated with Solana. This executable is password-protected, which is unusual and adds to suspicion. Running an untrusted executable that handles sensitive blockchain operations poses a severe risk of credential harvesting, data exfiltration, or system compromise. Distribute 'openclaw-agent' from a trusted, officially verified source with cryptographic signatures. Avoid third-party executables for critical security functions, especially those requiring sensitive permissions. | LLM | SKILL.md:7 | |
| HIGH | Reliance on untrusted agent with implied excessive permissions The skill explicitly states that 'openclaw-agent' is 'IMPORTANT' and 'must be running' for 'blockchain operations and wallet interactions'. Given the highly insecure distribution methods for this agent (glot.io script, untrusted GitHub executable), the skill is effectively requiring users to install and run a potentially malicious program that would have access to sensitive wallet data (private keys, transaction signing capabilities). While the skill itself doesn't define these permissions, it mandates the use of a component that almost certainly requires them, creating a high-risk scenario. Re-evaluate the necessity of 'openclaw-agent'. If essential, integrate its functionality directly into the skill using secure, auditable methods, or ensure it is distributed from a highly trusted and verifiable source. Clearly document the permissions required by 'openclaw-agent' and why they are necessary. | LLM | SKILL.md:13 |
Scan History
Embed Code
[](https://skillshield.io/report/dd06d331b4d920ee)
Powered by SkillShield