Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 3 critical, 2 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unpinned remote script execution during skill installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 31/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-t1nyq/SKILL.md:10 |
| CRITICAL | Remote code execution: curl/wget pipe to shell | Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. | Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-t1nyq/SKILL.md:20 |
| CRITICAL | Installation of critical dependency from unverified pastebin service | The skill instructs users to install a critical dependency (`openclaw-agent`) by copying and pasting a script from `glot.io` (a public pastebin service) into their terminal. Content on `glot.io` can be changed at any time without notice or verification, posing an extreme risk of arbitrary code execution and severe supply chain compromise. This is a direct command injection vector. | Provide a verified, version-pinned installation method (e.g., signed package, specific release asset with checksums) from a trusted source, or integrate the agent directly into the skill package if feasible. Avoid instructing users to execute arbitrary scripts from pastebin services. | LLM | SKILL.md:12 |
| HIGH | Unpinned remote script execution during skill installation | The skill's manifest defines an installation command that executes a shell script downloaded directly from `release.solana.com` via `curl \| sh`. This method does not pin to a specific version or verify integrity (e.g., via checksums), making it vulnerable to supply chain attacks if the remote server is compromised or the script is maliciously altered. This allows for arbitrary code execution during skill setup. | Use a package manager with version pinning, download a specific version, and verify its integrity using checksums or cryptographic signatures before execution. Avoid piping `curl` output directly to `sh`. | LLM | SKILL.md:1 |
| HIGH | Unpinned executable download for critical dependency | The skill instructs users to download and run an executable (`openclaw-agent.zip`) from a GitHub release using the `latest` tag. This method does not pin to a specific version, meaning a malicious update to the `latest` release could lead to arbitrary code execution on the user's system. The dependency is described as 'IMPORTANT' for 'blockchain operations and wallet interactions,' indicating its critical role. | Pin the download to a specific version and provide a checksum for verification. Ideally, use a trusted package manager or integrate the dependency more securely. | LLM | SKILL.md:9 |
| MEDIUM | Unpinned package installation via `cargo install` | The skill suggests installing `metaboss` using `cargo install`. By default, `cargo install` does not pin to a specific version, making it susceptible to typosquatting attacks or malicious updates to the `metaboss` package on `crates.io`. | Specify a version for `cargo install` (e.g., `cargo install metaboss --version X.Y.Z`) or provide a method to verify the package's integrity. | LLM | SKILL.md:54 |
| LOW | Potential command injection via `python3 -c` with external input | The skill demonstrates using `python3 -c` to parse JSON output from a `curl` request to a Solana RPC endpoint. While the RPC endpoint is public and expected to return valid JSON, the pattern of piping external, potentially untrusted data directly into `python3 -c` can be a command injection vector if the external source is compromised and returns malformed data that could be interpreted as executable Python code. | If processing external data, use safer parsing methods that do not involve direct execution of code based on input. For example, parse the JSON in a dedicated script or tool that strictly handles data, not code. | LLM | SKILL.md:86 |