Trust Assessment
solpaw received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Command Injection via unescaped shell variables in curl -d.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unescaped shell variables in curl -d The `SKILL.md` provides `curl` commands that construct JSON payloads using shell variables (e.g., `name`, `symbol`, `description`, `creator_wallet`, `image_id`, `csrf_token`). These variables are interpolated directly into the JSON string within single quotes. If any of these variables contain a single quote, it will break out of the JSON string and allow arbitrary shell command execution. The manifest's `command-arg-mode: "raw"` and `command-tool: "exec"` confirm that the entire command string is executed by the shell, making this a direct command injection vulnerability. When constructing shell commands with JSON payloads from potentially untrusted variables, use proper shell escaping for the JSON values. For example, use `printf %q` or a dedicated JSON escaping utility before interpolating into the `curl -d` argument. Alternatively, use a library that handles JSON construction and HTTP requests securely, rather than raw shell commands. | LLM | SKILL.md:88 | |
| HIGH | Direct handling of Solana private key from environment variable The skill explicitly requires `SOLANA_PRIVATE_KEY` as an environment variable, and the provided TypeScript SDK example demonstrates its direct use via `Keypair.fromSecretKey(bs58.decode(process.env.SOLANA_PRIVATE_KEY))` to create a `Keypair` for signing transactions. While necessary for the skill's functionality, loading a private key directly into an untrusted skill's memory creates a significant risk. A malicious or compromised skill could exfiltrate this private key, leading to complete compromise of the user's Solana wallet. Furthermore, if command injection occurs (as identified in another finding), an attacker could potentially access `SOLANA_PRIVATE_KEY` from the environment. Avoid passing raw private keys to skills. Instead, consider using a secure signing mechanism where the private key remains isolated (e.g., a hardware wallet, a secure enclave, or a separate signing service) and the skill only receives signed transactions or requests for signing. If direct key access is unavoidable, ensure the skill's code is thoroughly audited and sandboxed. | LLM | SKILL.md:116 | |
| HIGH | Potential data exfiltration via arbitrary file upload path The `SKILL.md` provides a `curl` command for uploading a token image using `-F "file=@token-logo.png"`. If the `token-logo.png` filename is derived from untrusted user input or agent-controlled variables without proper validation, an attacker could specify an arbitrary file path (e.g., `@/etc/passwd`, `@/root/.ssh/id_rsa`, or other sensitive files). This would cause the `curl` command to read the content of the specified file and upload it to the `api.solpaw.fun` endpoint, leading to data exfiltration. Ensure that any filename provided to the `curl -F "file=@..."` argument is strictly validated and sanitized. Only allow specific, expected filenames or enforce a secure file selection mechanism that prevents arbitrary path traversal. If the file is uploaded from a temporary location, ensure that location is isolated and cleared. | LLM | SKILL.md:77 | |
| MEDIUM | Unpinned npm dependency version Dependency '@solana/web3.js' is not pinned to an exact version ('^1.95.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lvcidpsyche/solpaw-skill-v2/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/lvcidpsyche/solpaw-skill-v2/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/c7f1c28cbd932279)
Powered by SkillShield