solana-trader
Solana wallet management and token trading via Jupiter aggregator. Check balances, view transaction history, swap tokens, and manage your Solana portfolio.
77
Quality
72%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./public/skills/0xterrybit/solana-trader/SKILL.mdSecurity
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly fetches and parses data from public third‑party sources (e.g., Jupiter API at https://api.jup.ag, public Solana RPC endpoints like https://api.mainnet-beta.solana.com, Helius, Shyft, QuickNode/Alchemy) and uses those responses (quotes and swapTransaction data) to build and execute transactions, so untrusted external content can directly influence tool behavior.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill is explicitly a cryptocurrency wallet and trading tool for Solana. It requires a wallet keypair and RPC/API keys, uses the Jupiter aggregator's quote and swap APIs, constructs swap transactions, signs and submits transactions, and includes commands to send SOL and SPL tokens. These are direct crypto financial operations (wallet management, swapping, and sending funds), not generic tooling. Therefore it grants Direct Financial Execution capability.
- Repository
- Demerzels-lab/elsamultiskillagent
- Commit
45f9fac
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.