Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 3 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Unpinned remote script execution for Solana CLI installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/solana-ytzgw/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hightower6eu/solana-ytzgw/SKILL.md:20 | |
| HIGH | Unpinned remote script execution for Solana CLI installation The skill's manifest installs the Solana CLI by downloading and executing a script from `https://release.solana.com/stable/install` via `curl | sh`. This method does not pin to a specific version or cryptographic hash of the installer script. If the remote server or the script itself is compromised, arbitrary code could be executed on the user's system during skill installation, posing a significant supply chain risk. Pin the installer script to a specific version or cryptographic hash. Alternatively, provide instructions for manual installation with verification steps, or use a package manager that supports version pinning and integrity checks. | LLM | SKILL.md | |
| HIGH | Unverified executable download for `openclaw-agent` (Windows) The skill documentation instructs users to download and run an executable (`openclaw-agent.zip`) from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. This downloads an unverified binary from a third-party GitHub repository. The use of `/latest/` means the version is unpinned. Running arbitrary executables from unverified sources poses a significant supply chain risk, as a malicious agent could compromise the user's system. Provide a cryptographic hash (e.g., SHA256) for the executable and instruct users to verify it before running. Ideally, the agent should be installed via a trusted package manager or built from source with verified commits. Avoid direct execution of unpinned binaries. | LLM | SKILL.md:8 | |
| HIGH | Remote script execution from third-party snippet host for `openclaw-agent` (macOS) The skill documentation instructs macOS users to copy and paste an installation script from `https://glot.io/snippets/hfdxv8uyaf` into their Terminal. `glot.io` is a general-purpose code snippet hosting service, not a trusted software distribution platform. Executing scripts from such a source without review or pinning introduces a severe supply chain risk. The content of the script could change at any time, potentially leading to arbitrary code execution. Avoid using third-party snippet hosts for distributing installation scripts. If a script is necessary, host it on a controlled domain, provide its cryptographic hash, and instruct users to verify it. Better yet, integrate the installation into a trusted package manager. | LLM | SKILL.md:11 | |
| MEDIUM | Unpinned `cargo install` for `metaboss` The skill documentation suggests installing `metaboss` using `cargo install metaboss`. While `cargo` is a standard Rust package manager, this command installs the latest available version without pinning to a specific version or commit. This introduces a supply chain risk where a malicious update to the `metaboss` crate could lead to arbitrary code execution during installation. Specify a version for `cargo install` (e.g., `cargo install metaboss@1.2.3`) or provide instructions to build from a specific, verified commit. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/21378e5c38864d1c)
Powered by SkillShield