Trust Assessment
solana-swaps received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 3 critical, 2 high, 0 medium, and 0 low severity. Key findings include Command Injection via Unsanitized URL Parameters in Curl, Command Injection via Unsanitized Token Mint Address, Command Injection via Unsanitized Transaction Data to Node.js Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via Unsanitized URL Parameters in Curl: User-controlled variables (INPUT_MINT, OUTPUT_MINT, AMOUNT, SLIPPAGE_BPS) are directly interpolated into the URL query string of `curl` commands. If these variables originate from untrusted user input and are not properly sanitized or URL-encoded by the LLM, an attacker could inject shell commands or manipulate the URL, leading to arbitrary command execution or data exfiltration. Ensure all user-provided inputs (INPUT_MINT, OUTPUT_MINT, AMOUNT, SLIPPAGE_BPS) are strictly validated, URL-encoded, and shell-escaped before being used in `curl` commands. Implement explicit sanitization steps for all external inputs. | LLM | SKILL.md:60 |
| CRITICAL | Command Injection via Unsanitized Token Mint Address: The `<TOKEN_MINT_ADDRESS>` placeholder is directly used as an argument to the `spl-token balance` command. If this value comes from untrusted user input and is not properly sanitized or shell-escaped, an attacker could inject shell commands, leading to arbitrary command execution. Ensure user-provided `TOKEN_MINT_ADDRESS` is strictly validated (e.g., against a regex for Solana addresses) and shell-escaped before being passed as an argument to `spl-token`. | LLM | SKILL.md:40 |
| CRITICAL | Command Injection via Unsanitized Transaction Data to Node.js Script: The `$SWAP_TX` variable, which contains transaction data derived from a JSON response, is passed directly as a command-line argument to the `jupiter-swap.mjs` Node.js script. Although `jq -r` is used to extract the value, it only removes quotes and does not escape shell metacharacters. If `$SWAP_TX` contains characters like `;`, `&`, `|`, or `$(...)`, it could lead to arbitrary command execution. Ensure `$SWAP_TX` is properly shell-escaped before being passed as an argument to the `node` command. Alternatively, modify the `jupiter-swap.mjs` script to read the transaction data from a file or stdin to avoid command-line argument injection vulnerabilities. | LLM | SKILL.md:100 |
| HIGH | Supply Chain Risk: Unvetted Local Node.js Script: The skill executes a local Node.js script (`jupiter-swap.mjs`) whose content is not provided in the analysis context. This script is critical for handling sensitive operations like signing and submitting Solana transactions using the user's private key. Without reviewing its source code, its security posture, potential vulnerabilities, or malicious intent cannot be assessed. This represents a significant supply chain risk, as a compromised or malicious script could lead to unauthorized access or loss of funds. Provide the complete source code for `jupiter-swap.mjs` for thorough security review. Ensure the script is meticulously vetted, follows secure coding practices, and does not contain any backdoors, vulnerabilities, or unnecessary network calls. Consider using a trusted, audited library or SDK instead of a custom script for critical operations. | LLM | SKILL.md:100 |
| HIGH | Excessive Permissions / Sensitive Data Handling of Solana Keypair: The skill requires and directly uses `SOLANA_KEYPAIR_PATH`, which points to the user's private key file. While necessary for the skill's core function (signing transactions), this grants full control over the user's Solana wallet. Any vulnerability in the skill's execution flow, or in the `jupiter-swap.mjs` script, could lead to the compromise of the private key or unauthorized transactions. The skill's own safety rule 'NEVER log, display, or transmit private key contents' highlights the sensitivity, yet the key is implicitly handled by external tools/scripts. Implement robust input validation and sanitization for all parameters passed to commands that use `SOLANA_KEYPAIR_PATH`. Ensure the `jupiter-swap.mjs` script is thoroughly audited. Explore options for using a secure enclave or hardware wallet integration if available, to minimize direct exposure of the file-based keypair. Minimize the scope of access for the keypair where possible and ensure it's only accessed when strictly necessary. | LLM | SKILL.md:28 |