Trust Assessment
solana-skill received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Weak Encryption of Private Keys.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Weak Encryption of Private Keys**: The skill encrypts sensitive private keys using a password derived from easily accessible, non-secret environment variables (`process.env.USER`, `process.env.HOME`). This `getDefaultPassword()` function makes the encryption trivially reversible by any attacker with read access to the encrypted wallet files, effectively exposing all stored private keys. It provides a false sense of security and leaves private keys vulnerable to theft if the user's account or filesystem is compromised. Implement a robust secret management solution: prompt the user for a strong password/passphrase per wallet or for a master password, integrate with a secure system keyring (e.g., `keytar` for Node.js), or reserve environment variables for less sensitive keys. The current approach offers no meaningful protection. | LLM | scripts/wallet.ts:60 |
| HIGH | **Incorrect Token Decimal Handling in Swaps**: The `resolveToken` function in `scripts/swap.ts` defaults to 9 decimals for any token not explicitly listed in `KNOWN_TOKENS`. If a user attempts to swap an unlisted token with a different number of decimals (e.g., 6 for USDC-like tokens), the `amountRaw` calculation will be incorrect. The skill may then attempt to swap an amount significantly different from the user's intention (e.g., 1000x more or less), resulting in financial loss or transaction failures. For unlisted tokens, the skill should dynamically fetch the token's decimal information from the Solana blockchain (e.g., via `connection.getParsedAccountInfo(mint)` or a token metadata API) before calculating the raw amount. Alternatively, require the user to explicitly provide the decimal count for unlisted tokens, or expand the `KNOWN_TOKENS` list to cover more common tokens. | LLM | scripts/swap.ts:30 |
| MEDIUM | **Unpinned npm dependency version**: Dependency `@solana/web3.js` is not pinned to an exact version (`^1.98.0`). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/chattyclaw/solana-basics/package.json |
| LOW | **Node lockfile missing**: `package.json` is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/chattyclaw/solana-basics/package.json |
| INFO | **Unpinned Dependencies in package.json**: The `package.json` uses caret (`^`) ranges for dependencies, allowing minor and patch updates. While common, this practice can introduce unexpected breaking changes or security vulnerabilities if a new version of a dependency contains malicious code or a critical bug. For security-sensitive applications, exact pinning is often preferred to ensure deterministic builds. Pin dependencies to exact versions (e.g., `1.98.0` instead of `^1.98.0`) to ensure deterministic builds and prevent unintended updates. Regularly audit and manually update dependencies to incorporate necessary security fixes. | LLM | package.json:14 |