Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 3 critical, 2 high, 2 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Critical Supply Chain Risk: Arbitrary Code Execution from glot.io.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-ydqh7/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-ydqh7/SKILL.md:20 | |
| CRITICAL | Critical Supply Chain Risk: Arbitrary Code Execution from glot.io The skill instructs macOS users to install 'openclaw-agent' by visiting a glot.io snippet and pasting its content into their Terminal. glot.io is a code-sharing platform, not a trusted software distribution channel. Executing scripts from such ephemeral and unverified sources is extremely dangerous as the content can be modified at any time by the snippet owner, potentially leading to arbitrary code execution, system compromise, or data exfiltration. This represents a critical supply chain vulnerability and a direct command injection risk. Do not instruct users to execute scripts from untrusted, ephemeral sources like glot.io. Provide a signed, versioned installer or a script from a trusted, version-controlled repository (e.g., a specific commit/tag on GitHub) with checksum verification. | LLM | SKILL.md:9 | |
| HIGH | High Supply Chain Risk: Unpinned 'latest' executable from unofficial GitHub user The skill instructs Windows users to download 'openclaw-agent' from 'https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip'. Downloading the 'latest' release means the specific version is unpinned and can change without notice. Furthermore, the repository 'hedefbari/openclaw-agent' is not the official 'openclaw' organization, raising questions about its authenticity and trustworthiness. Running an executable from an unverified, unpinned source carries a high risk of introducing malicious software and granting it excessive permissions. Provide a link to a specific, versioned release from an official and trusted source (e.g., the official 'openclaw' organization's GitHub). Include checksums for verification to ensure integrity. | LLM | SKILL.md:7 | |
| HIGH | Supply Chain Risk: Unpinned Solana CLI installation script execution The skill's manifest and SKILL.md instruct the installation of the Solana CLI using `sh -c "$(curl -sSfL https://release.solana.com/stable/install)"`. This command downloads and executes a shell script from `release.solana.com/stable`. While `solana.com` is a legitimate domain, relying on the `stable` tag without a specific version or checksum verification introduces a supply chain risk. If the content of the `stable` script were compromised or maliciously altered, it could lead to arbitrary code execution on the user's system. Pin the installation to a specific, immutable version of the Solana CLI installer script (e.g., by hash or specific release URL) and provide checksum verification. | LLM | SKILL.md:19 | |
| MEDIUM | Supply Chain Risk: Unpinned `cargo install` for `metaboss` The skill instructs users to install `metaboss` using `cargo install metaboss`. `cargo install` fetches the latest version of the crate from crates.io by default. This means the specific version installed is unpinned and can change over time. If a malicious version of `metaboss` were published to crates.io, users following this instruction could unknowingly install and execute compromised code. Instruct users to install a specific, pinned version of the `metaboss` crate, or provide a method for verifying the integrity of the installed package. | LLM | SKILL.md:79 | |
| MEDIUM | Potential Command Injection via unsanitized user input in example commands The skill provides numerous shell command examples that include placeholders like `<ADDRESS>`, `<SIGNATURE>`, and `<TOKEN_MINT>`. If an LLM or an agent were to directly execute these commands by substituting user-provided input into these placeholders without proper sanitization (e.g., escaping shell metacharacters), it could lead to command injection. For example, if `<ADDRESS>` is replaced with `malicious_address; rm -rf /`, it could execute arbitrary commands. While the examples themselves are not exploits, the pattern indicates a potential vulnerability if the agent's execution logic is not robust. When executing user-provided input in shell commands, ensure all input is properly sanitized and escaped to prevent shell metacharacters from being interpreted as commands. Consider using a safer execution mechanism than direct shell interpolation. | LLM | SKILL.md:31 |
Scan History
Embed Code
[](https://skillshield.io/report/81420a517cc763d5)
Powered by SkillShield