Trust Assessment
solana-trader received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include JavaScript Injection in Node.js Command, Shell Command Injection via Unsanitized URL Parameters, Shell Command Injection via Unsanitized CLI Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | JavaScript Injection in Node.js Command The skill demonstrates a pattern for importing a private key using `node -e` where the `$PRIVATE_KEY` variable is directly interpolated into a JavaScript string. If `$PRIVATE_KEY` originates from untrusted user input and contains malicious JavaScript, it could lead to arbitrary code execution within the Node.js environment. For example, injecting `'; console.log(process.env); //` into `$PRIVATE_KEY` would cause the environment variables to be logged. Ensure that any user-provided input, especially sensitive data like private keys, is properly sanitized or validated before being interpolated into executable code strings. For JavaScript, this typically involves escaping quotes and other special characters, or using a safer method for passing data (e.g., via environment variables or temporary files) rather than direct string interpolation. | LLM | SKILL.md:100 | |
| MEDIUM | Shell Command Injection via Unsanitized URL Parameters The skill constructs `curl` commands for Jupiter API calls by directly interpolating variables like `INPUT_MINT`, `OUTPUT_MINT`, `AMOUNT`, `SLIPPAGE_BPS`, and `PLATFORM_FEE_BPS` into the URL string. If these variables are derived from untrusted user input and are not properly URL-encoded or sanitized, an attacker could inject shell metacharacters (e.g., `&`, `|`, `;`) to execute arbitrary shell commands. For example, if `AMOUNT` was `100&ls -la`, it could lead to the execution of `ls -la`. Always sanitize and URL-encode any user-provided input before incorporating it into a URL string that will be executed by a shell command. Use a dedicated URL encoding function or library to ensure all special characters are properly escaped. | LLM | SKILL.md:250 | |
| MEDIUM | Shell Command Injection via Unsanitized CLI Arguments The skill demonstrates `solana transfer` and `spl-token transfer` commands where `RECIPIENT` and `AMOUNT` variables are directly interpolated as command-line arguments. If these variables originate from untrusted user input and are not properly sanitized or quoted, an attacker could inject additional command-line flags or commands. For example, if `RECIPIENT` was `foo" --evil-flag "bar`, it could manipulate the `solana transfer` command's behavior. Ensure that all user-provided input used as command-line arguments is properly sanitized and quoted to prevent argument injection. While double-quoting helps, robust sanitization should also consider escaping internal quotes or using argument arrays if the shell environment supports it. | LLM | SKILL.md:360 |
Scan History
Embed Code
[](https://skillshield.io/report/9041d01ebb0f2624)
Powered by SkillShield