Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unpinned Solana CLI installation via curl | sh in manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: URL pointing to a known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses; legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-wrq1l/SKILL.md:10 |
| CRITICAL | Remote code execution, curl/wget piped to shell: detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-wrq1l/SKILL.md:20 |
| CRITICAL | Instruction to execute an unpinned script from a public snippet service: the skill instructs users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their terminal. `glot.io` is a public code snippet hosting service, and content can be changed at any time without notice or version control. This poses an extreme supply chain risk, as a malicious actor could modify the snippet to execute arbitrary commands on the user's system. This is a direct instruction to the user to perform a highly insecure action. Do not instruct users to download and execute unverified, unpinned scripts from public snippet services. Provide a secure, version-controlled installation method, ideally with checksum verification, or bundle the necessary components within the skill package if allowed. | LLM | SKILL.md:10 |
| HIGH | Unpinned Solana CLI installation via `curl \| sh` in manifest: the skill's manifest defines an installation command for the Solana CLI that pipes the output of `curl` directly to `sh`. This method downloads and executes a script from `https://release.solana.com/stable/install`. While `release.solana.com` is the official source, using the `stable` tag without pinning to a specific version or hash introduces a supply chain risk. If the `stable` script on the server were compromised, malicious code could be executed during skill installation. Pin the Solana CLI installation to a specific version or commit hash. For example, download a specific release binary or script, verify its integrity (e.g., via checksum), and then execute it. | LLM | Manifest |
| HIGH | Unpinned `openclaw-agent` download from a GitHub `latest` release: the skill instructs users to download `openclaw-agent.zip` from a GitHub `latest` release URL (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). Relying on the `latest` tag means the downloaded file can change without warning. If the `hedefbari/openclaw-agent` repository or its release process were compromised, a malicious `latest` release could be distributed, leading to arbitrary code execution on the user's system. Pin the download to a specific version or commit hash of `openclaw-agent.zip` and provide a checksum for verification. | LLM | SKILL.md:7 |
| MEDIUM | Unpinned `cargo install` for `metaboss`: the skill instructs users to install `metaboss` using `cargo install metaboss`. This command downloads and compiles the latest version of the `metaboss` crate from `crates.io`. Without a specified version, this introduces a supply chain risk. If a malicious version of `metaboss` were published to `crates.io`, or if a typosquatting attack occurred, arbitrary code could be executed on the user's system during installation. Specify a pinned version for `cargo install` (e.g., `cargo install metaboss --version 0.1.2`) and ideally provide a mechanism for verifying the integrity of the downloaded crate. | LLM | SKILL.md:68 |