Trust Assessment
solana received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 4 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Remote code execution: curl/wget pipe to shell, Untrusted `openclaw-agent` installation via `glot.io`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 3/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/seedamir/amir/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/seedamir/amir/SKILL.md:20 | |
| CRITICAL | Untrusted `openclaw-agent` installation via `glot.io` The skill directs macOS users to install a critical dependency, `openclaw-agent`, by copying and pasting an installation script from `https://glot.io/snippets/hfdxv8uyaf`. `glot.io` is a pastebin-like service where content can be modified at any time without version control or integrity checks. Executing an unverified script from such a source poses an extreme supply chain risk, potentially leading to arbitrary code execution, system compromise, or credential harvesting, especially since `openclaw-agent` is described as handling 'blockchain operations and wallet interactions'. Remove the instruction to install `openclaw-agent` from `glot.io`. Provide a secure, version-controlled installation method, ideally from a trusted package manager or a cryptographically signed binary from an official source. Clearly document the source code and build process for `openclaw-agent`. | LLM | SKILL.md:11 | |
| CRITICAL | High-risk `openclaw-agent` dependency for wallet interaction The skill explicitly states that `openclaw-agent` is required for 'blockchain operations and wallet interactions'. Given the highly insecure installation methods (unverified script from `glot.io`, unverified binary from GitHub), this dependency introduces a critical risk of credential harvesting (e.g., private keys, seed phrases) or unauthorized transaction execution. The agent, if malicious, would operate with permissions sufficient to control the user's cryptocurrency assets. Either remove the dependency on `openclaw-agent` or replace it with a transparent, open-source, and securely distributed alternative. If `openclaw-agent` is essential, its source code must be auditable, and its installation must be secured with cryptographic verification and version pinning. Clearly define the scope of permissions `openclaw-agent` requires and why. | LLM | SKILL.md:7 | |
| HIGH | Untrusted `openclaw-agent` binary download from GitHub The skill directs Windows users to download an executable for `openclaw-agent` from a specific GitHub user's repository (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent`). Downloading unverified binaries from third-party GitHub accounts, especially using a 'latest' tag which can change, introduces a significant supply chain risk. The `openclaw-agent` is stated to be essential for 'blockchain operations and wallet interactions', making it a high-value target for compromise. Remove the instruction to install `openclaw-agent` from this GitHub URL. Provide a secure, version-controlled installation method, ideally from a trusted package manager or a cryptographically signed binary from an official source. Clearly document the source code and build process for `openclaw-agent`. | LLM | SKILL.md:9 | |
| HIGH | Unverified remote script execution for Solana CLI Both the skill's manifest and documentation instruct users to install the Solana CLI by piping the output of `curl` from `https://release.solana.com/stable/install` directly to `sh`. This method executes a script downloaded from a remote server without prior inspection or integrity verification. A compromise of the `release.solana.com` domain or the script itself could lead to arbitrary code execution on the user's system. While common for CLI installations, it's a significant supply chain risk. Recommend a more secure installation method, such as downloading a cryptographically signed binary, using a trusted package manager (e.g., Homebrew, apt), or providing a checksum for the script to allow manual verification before execution. Pin to a specific version of the installer script. | LLM | SKILL.md:21 | |
| MEDIUM | Unpinned dependency installation via `cargo install` The skill suggests installing `metaboss` using `cargo install metaboss`. This command installs the latest version of the package from `crates.io`. Without pinning a specific version, the skill is vulnerable to supply chain attacks if a malicious version of `metaboss` or one of its dependencies is published to `crates.io`. Specify a pinned version for `cargo install` (e.g., `cargo install metaboss --version 0.1.2`). Regularly audit and update the pinned version. Alternatively, provide instructions for building from a specific, audited commit of the source code. | LLM | SKILL.md:63 |
Scan History
Embed Code
[](https://skillshield.io/report/e7427e3acb11eec0)
Powered by SkillShield