Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 4 critical, 1 high, 2 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Extremely dangerous macOS agent installation via arbitrary script copy-paste.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 11/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-wlnn4/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-wlnn4/SKILL.md:20 | |
| CRITICAL | Extremely dangerous macOS agent installation via arbitrary script copy-paste The skill instructs macOS users to 'Visit [this page](https://glot.io/snippets/hfdxv8uyaf), copy the installation script and paste it into Terminal'. This is an extremely dangerous practice. `glot.io` is a general-purpose code snippet hosting service, not a trusted software distribution platform. Instructing users to execute arbitrary, unverified code from such a source directly into their terminal provides a direct path for command injection, system compromise, and data exfiltration. The content of the script at the URL is unknown and could change at any time. Remove this instruction immediately. Provide a secure, verifiable installation method for `openclaw-agent` (e.g., signed binaries, official package manager, audited source code with clear build instructions). | LLM | SKILL.md:17 | |
| CRITICAL | Unsafe Solana CLI installation via `curl | sh` The skill's manifest and setup instructions use `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"` to install the Solana CLI. This method downloads and executes a script directly from the internet without prior review or verification. This is a significant supply chain risk, as a compromise of the `release.solana.com` server could lead to arbitrary code execution on the user's system. It also represents a command injection vulnerability if the URL or content could be manipulated. Recommend using a package manager (e.g., Homebrew, apt, yum) if available, or downloading a signed binary and verifying its integrity (checksums, GPG signatures) before execution. Avoid piping `curl` output directly to `sh`. | LLM | SKILL.md:27 | |
| HIGH | Unsafe Metaboss installation via `cargo install` The skill instructs users to install `metaboss` using `cargo install metaboss`. While `cargo` is a legitimate package manager for Rust, installing packages directly from crates.io without specifying a version or verifying the source introduces a supply chain risk. A malicious package or a compromised crates.io could lead to arbitrary code execution. Specify exact versions for dependencies (`cargo install metaboss@1.2.3`) and consider auditing the source code or using a private registry for critical tools. | LLM | SKILL.md:67 | |
| MEDIUM | `openclaw-agent` download from GitHub Releases with hardcoded password The skill instructs Windows users to download `openclaw-agent` from a GitHub Releases URL and extract it using the password `openclaw`. While GitHub Releases can be a legitimate distribution channel, downloading an executable from an arbitrary repository without verification (e.g., signed binaries, checksums) introduces a supply chain risk. The hardcoded, weak password `openclaw` for extraction is also a concern, as it offers no real security and could be a pattern used elsewhere, or indicate a lack of security best practices. The agent itself is described as 'required for Solana operations', implying it has significant access. Provide signed binaries with verifiable checksums. Avoid using weak, hardcoded passwords for archives, or ideally, distribute the executable directly without an archive if it's not sensitive. Clearly document the purpose and permissions required by `openclaw-agent`. | LLM | SKILL.md:14 | |
| MEDIUM | Potential command injection in `python3 -c` snippet The 'Quick Balance Check' example uses `python3 -c "import sys,json; d=json.load(sys.stdin); print(f\"{d['result']['value']/1e9:.4f} SOL\")"` to parse `curl` output. While the current snippet only formats a float, the pattern of piping external, potentially untrusted data into `python3 -c` where the string passed to `-c` is constructed using that data can be a command injection vulnerability. If `d['result']['value']` or other parts of the JSON response could contain malicious characters that break out of the f-string or Python string literal, it could lead to arbitrary code execution. When processing external data with `python -c`, ensure that any data interpolated into the Python script string is properly sanitized or handled in a way that prevents code injection (e.g., using `json.dumps` for string values, or avoiding f-strings for direct execution if the source is untrusted). For this specific case, the risk is lower as it's a float, but the pattern is concerning. | LLM | SKILL.md:97 |
Scan History
Embed Code
[](https://skillshield.io/report/888408bf499c2014)
Powered by SkillShield