Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 3 critical, 2 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unpinned Solana CLI installation script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 31/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-vwgfq/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-vwgfq/SKILL.md:20 | |
| CRITICAL | Untrusted script source for macOS agent installation The skill instructs macOS users to visit a `glot.io` snippet (`https://glot.io/snippets/hfdxv8uyaf`) and copy-paste its content into their Terminal for `openclaw-agent` installation. `glot.io` is a public code-sharing service where content can be easily changed or replaced with malicious code by anyone with access to the snippet, or if the snippet owner's account is compromised. This poses an extreme supply chain risk, leading to potential arbitrary code execution on the user's system. Do not rely on dynamic, untrusted third-party pastebin-like services for critical installation instructions. Provide the installation script directly within the skill package, link to a version-controlled and trusted source (e.g., a specific commit on GitHub), or use a secure package manager. | LLM | SKILL.md:13 | |
| HIGH | Unpinned Solana CLI installation script The skill's installation command in the manifest directly downloads and executes a shell script from `https://release.solana.com/stable/install` without specifying a fixed version or hash. This introduces a supply chain risk as the content of the 'stable' script could change over time, potentially introducing malicious code. It also represents a command injection risk as the script is executed directly via `sh -c`. Pin the installation script to a specific version or commit hash. Alternatively, provide the script directly within the skill package or use a trusted package manager. | LLM | SKILL.md | |
| HIGH | Unpinned executable download for Windows agent installation The skill directs Windows users to download an executable from a GitHub release URL (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`). Using the `latest` tag means the downloaded executable can change at any time without user awareness. If the GitHub repository or release process is compromised, a malicious executable could be served, leading to arbitrary code execution. Pin the download URL to a specific version or commit hash of the executable to ensure immutability and allow for integrity verification. | LLM | SKILL.md:7 | |
| MEDIUM | Unpinned `cargo install` for Metaboss The skill suggests installing `metaboss` using `cargo install metaboss`. While `crates.io` is the official Rust package registry, installing packages without specifying a version or verifying integrity introduces a supply chain risk. A compromised or malicious package could be published, leading to arbitrary code execution during compilation or runtime. Recommend installing a specific, known-good version of the `metaboss` crate. Provide instructions for verifying the integrity of the downloaded crate. | LLM | SKILL.md:79 | |
| LOW | Potential command injection via `curl | python3 -c` pattern The skill provides an example command that pipes the output of a `curl` request directly into a `python3` interpreter via `python3 -c`. While the `curl` target is a trusted Solana RPC endpoint and the Python script is simple and benign in this specific instance, this pattern is a common vector for command injection. If the `curl` target were untrusted or the Python script were more complex or dynamic, it could lead to arbitrary code execution. Avoid piping untrusted or complex outputs directly into interpreters. If necessary, validate input or use safer parsing methods. For static examples, consider providing the Python script as a separate file or using a more robust parsing mechanism. | LLM | SKILL.md:113 |
Scan History
Embed Code
[](https://skillshield.io/report/3e4b36ecf7967e50)
Powered by SkillShield