Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 3 critical, 2 high, 2 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted script execution from glot.io for openclaw-agent (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: URL pointing to a known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-wi1cy/SKILL.md:10 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-wi1cy/SKILL.md:20 |
| CRITICAL | Untrusted script execution from glot.io for openclaw-agent (macOS): the skill instructs macOS users to obtain an installation script from `https://glot.io/snippets/hfdxv8uyaf` and execute it. `glot.io` is a public pastebin-like service, and content hosted there is highly volatile and untrusted. Executing arbitrary scripts from such a source is a severe supply chain risk and a direct command injection vector, as the script could contain malicious commands that run with the user's permissions. The content of this URL can change at any time without warning or review. Do not instruct users to execute scripts from untrusted pastebin services. Provide a signed, versioned binary or a script hosted on a trusted, version-controlled platform (e.g., a specific GitHub release asset) with hash verification. | LLM | SKILL.md:15 |
| HIGH | Unpinned executable download for openclaw-agent (Windows): the skill instructs Windows users to download an executable from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`. Downloading an executable directly from a `latest` tag means the content can change without warning. This poses a significant supply chain risk, as a malicious update to the `latest` release could lead to the execution of compromised code on the user's system. Provide a link to a specific, versioned release asset with a cryptographic hash (e.g., SHA256) for verification, or use a trusted package manager. | LLM | SKILL.md:12 |
| HIGH | Unpinned `curl \| sh` for Solana CLI installation: the skill installs the Solana CLI using `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. This method executes arbitrary code downloaded from the internet. The `stable` tag is unpinned, meaning the content of the script can change at any time without review, posing a significant supply chain risk. This command is present in both the skill's manifest and the markdown instructions. Use a package manager with pinned versions (e.g., `brew install solana` with a specific version), or download a specific, versioned binary and verify its hash. | LLM | SKILL.md:26 |
| MEDIUM | Arbitrary Python code execution in `curl` pipeline: the skill includes the command `curl ... \| python3 -c "import sys,json; d=json.load(sys.stdin); print(f\"{d['result']['value']/1e9:.4f} SOL\")"`. While the current Python code is benign, the use of `python3 -c "..."` allows for the execution of arbitrary Python code. If the `curl` output were manipulated, or if the Python string itself were dynamically constructed from untrusted input, this could lead to command injection. Avoid using `python -c` with potentially untrusted or complex logic. If parsing is necessary, consider a dedicated, sandboxed parsing utility or a more robust script that handles input safely. | LLM | SKILL.md:109 |
| MEDIUM | Unpinned `cargo install` for Metaboss: the skill instructs users to install `metaboss` using `cargo install metaboss`. This command fetches and compiles the latest version of the `metaboss` crate from `crates.io`. As it is unpinned, a malicious update to the `metaboss` crate could introduce vulnerabilities, leading to the execution of compromised code. If `metaboss` is critical, consider vendoring the dependency or using a specific, pinned version if `cargo` allows for it in this context. | LLM | SKILL.md:70 |
Full report: https://skillshield.io/report/65b042e56ffdf8dd