Trust Assessment
solpaw received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 2 critical, 0 high, 2 medium, and 2 low severity. Key findings include "Unpinned npm dependency version", "Node lockfile missing", and "Arbitrary Command Execution via 'exec' Command Tool".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 31/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Description | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary Command Execution via 'exec' Command Tool | The skill's manifest is configured with `"command-tool": "exec"`, which allows the skill to execute arbitrary shell commands. This is a highly dangerous configuration as it enables command injection. Any untrusted input passed to the skill could be crafted to execute malicious commands on the host system, leading to full system compromise, data exfiltration, or credential theft. Reconfigure the skill to use a more restrictive command dispatch mechanism, such as `tool` with specific, whitelisted commands, or a sandboxed execution environment. If `exec` is absolutely necessary, implement rigorous input sanitization and validation for all arguments passed to shell commands to prevent injection. | LLM | SKILL.md:1 |
| CRITICAL | Direct Use of Solana Private Key from Environment Variable | The skill explicitly requires and directly uses `SOLANA_PRIVATE_KEY` from environment variables for signing transactions, as indicated in the prerequisites, `skill.json` environment declaration, and the TypeScript SDK example. Storing and directly using a private key in an environment variable for an automated agent is a severe security risk. Combined with the `command-tool: "exec"` configuration, a successful command injection attack would allow an attacker to immediately access and exfiltrate the private key, leading to complete compromise of the associated Solana wallet. Avoid storing private keys directly in environment variables. Instead, use secure key management solutions (e.g., hardware security modules, cloud key management services, or encrypted vaults) that require explicit authorization for each signing operation. If direct access is unavoidable, ensure the execution environment is heavily sandboxed and isolated, and all inputs are rigorously validated. | LLM | SKILL.md:39 |
| MEDIUM | Unpinned npm dependency version | Dependency '@solana/web3.js' is not pinned to an exact version ('^1.95.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lvcidpsyche/solpaw-skill-final/package.json |
| MEDIUM | Unpinned Dependency Version | The `package.json` specifies `@solana/web3.js` with a caret (`^`) version range (`^1.95.0`). This allows for automatic updates to minor and patch versions, which introduces a supply chain risk. A malicious or vulnerable update to this dependency could be automatically pulled into the skill without explicit review, potentially compromising its security. Pin dependencies to exact versions (e.g., `"@solana/web3.js": "1.95.0"`) to ensure deterministic builds and prevent unexpected changes from upstream packages. Regularly audit and manually update dependencies after reviewing their changelogs. | LLM | package.json:19 |
| LOW | Node lockfile missing | package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/lvcidpsyche/solpaw-skill-final/package.json |
| LOW | Environment Variable Interpolation in Shell Commands | The `SKILL.md` examples demonstrate direct interpolation of environment variables (`$SOLPAW_API_KEY`, `$SOLPAW_CREATOR_WALLET`) into `curl` commands. While these specific variables might be intended for API interaction and a public key, this pattern, especially when combined with the `command-tool: "exec"` configuration, could lead to data exfiltration if other sensitive environment variables were similarly interpolated or if the API key were to be logged or exposed in error messages. Avoid direct interpolation of environment variables into shell commands. Use secure methods for passing sensitive data, such as dedicated command arguments that are not logged, or ensure that sensitive data is not exposed in command logs or error outputs. For API keys, consider using dedicated HTTP client libraries that handle authentication securely. | LLM | SKILL.md:55 |