solana-development Security Report — Low Risk | ClawSafe

15 /100

solana-development

Build Solana programs with Anchor framework or native Rust. Use when developing Solana smart contracts, implementing token operations, testing programs, deploying to networks, or working with Solana development.

A pure Markdown reference documentation skill for Solana/Anchor development. The only notable signal is a documented `curl|bash` installation command for Solana CLI, which is the official installation method and appropriately declared in the reference documentation.

Skill Namesolana-development

Duration26.8s

Enginepi

✓

Safe to install

No action needed. The skill is a legitimate documentation reference. The `curl|bash` pattern is the official Solana installation method and is clearly documented as part of the installation instructions.

Findings 1 items

Severity	Finding	Location
Low	Documented shell installation command RCE The file references/anchor.md contains `curl --proto '=https' --tlsv1.2 -sSfL https://solana-install.solana.workers.dev \| bash` as a documented installation step for the Solana CLI. This is the official installation method endorsed by Solana Labs and is appropriate within a Solana development skill. The command is in a fenced code block, not hidden, and directly relevant to the skill's purpose. `curl --proto '=https' --tlsv1.2 -sSfL https://solana-install.solana.workers.dev \| bash` → No action required. This is the official Solana installation method and is appropriate documentation for a Solana development skill.	`references/anchor.md:29`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations in any .md content
Network	`NONE`	`NONE`	—	No HTTP requests or network calls in code — URLs are documentation references
Shell	`NONE`	`NONE`	—	No shell commands executed; `curl\|bash` is documented text, not code execution
Environment	`NONE`	`NONE`	—	No environment variable access in content
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

1 Critical 137 findings

💀

Critical Dangerous Command 危险 Shell 命令

curl --proto '=https' --tlsv1.2 -sSfL https://solana-install.solana.workers.dev | bash

references/anchor.md:29

🔗

Medium External URL 外部 URL

https://www.apache.org/licenses/

LICENSE.txt:3

🔗

Medium External URL 外部 URL

https://discord.gg/srmqvxf

SKILL.md:354

🔗

Medium External URL 外部 URL

https://www.anchor-lang.com/docs

SKILL.md:354

🔗

Medium External URL 外部 URL

https://solana.stackexchange.com/

SKILL.md:355

🔗

Medium External URL 外部 URL

https://discord.gg/solana

SKILL.md:355

🔗

Medium External URL 外部 URL

https://solana.com/docs/core/programs#loader-programs

references/accounts.md:75

🔗

Medium External URL 外部 URL

https://solana-install.solana.workers.dev

references/anchor.md:29

🔗

Medium External URL 外部 URL

https://beta.solpg.io/

references/anchor.md:63

💰

Medium Wallet Address 加密货币钱包地址

11111111111111111111111111111111

references/anchor.md:84

🔗

Medium External URL 外部 URL

https://solanakit.org

references/anchor.md:621

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/@solana/compat

references/anchor.md:621

🔗

Medium External URL 外部 URL

https://api.devnet.solana.com

references/anchor.md:653

🔗

Medium External URL 外部 URL

http://127.0.0.1:8899

references/anchor.md:807

🔗

Medium External URL 外部 URL

https://api.mainnet-beta.solana.com

references/anchor.md:1220

🔗

Medium External URL 外部 URL

https://www.anchor-lang.com

references/anchor.md:1646

🔗

Medium External URL 外部 URL

https://discord.gg/anchor

references/anchor.md:1649

🔗

Medium External URL 外部 URL

https://www.framework-kit.com/

references/client-development.md:21

🔗

Medium External URL 外部 URL

https://your-rpc.example.com

references/client-development.md:47

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/@solana/kit

references/client-development.md:244

🔗

Medium External URL 外部 URL

https://solana.com/developers/guides/advanced/how-to-optimize-compute

references/compute-optimization.md:661

🔗

Medium External URL 外部 URL

https://www.youtube.com/watch?v=7CbAK7Oq_o4

references/compute-optimization.md:669

🔗

Medium External URL 外部 URL

https://www.youtube.com/watch?v=xoJ-3NkYXfY

references/compute-optimization.md:670

🔗

Medium External URL 外部 URL

https://www.youtube.com/watch?v=Pwly1cOa2hg

references/compute-optimization.md:671

🔗

Medium External URL 外部 URL

https://www.youtube.com/watch?v=eacDC0VgyxI

references/compute-optimization.md:672

🔗

Medium External URL 外部 URL

https://rareskills.io/post/solana-compute-unit-price

references/compute-optimization.md:675

🔗

Medium External URL 外部 URL

https://www.helius.dev/blog/priority-fees-understanding-solanas-transaction-fee-mechanics

references/compute-optimization.md:676

🔗

Medium External URL 外部 URL

https://api.apr.dev

references/deployment.md:67

🔗

Medium External URL 外部 URL

https://docs.docker.com/engine/install/

references/deployment.md:608

🔗

Medium External URL 外部 URL

https://verify.osec.io/status/

references/deployment.md:750

🔗

Medium External URL 外部 URL

https://explorer.solana.com

references/deployment.md:754

🔗

Medium External URL 外部 URL

https://solana.fm

references/deployment.md:755

🔗

Medium External URL 外部 URL

https://solscan.io

references/deployment.md:756

🔗

Medium External URL 外部 URL

https://solanaverify.org

references/deployment.md:757

🔗

Medium External URL 外部 URL

https://verify.osec.io/verified-programs

references/deployment.md:758

🔗

Medium External URL 外部 URL

https://myproject.com

references/deployment.md:768

🔗

Medium External URL 外部 URL

https://v4.squads.so/

references/deployment.md:825

🔗

Medium External URL 外部 URL

https://your-rpc-provider.com

references/deployment.md:1142

🔗

Medium External URL 外部 URL

https://www.quicknode.com/gas-tracker/solana

references/deployment.md:1157

🔗

Medium External URL 外部 URL

https://solanacompass.com/gas-fees

references/deployment.md:1158

🔗

Medium External URL 外部 URL

https://explorer.solana.com/address/

references/deployment.md:1262

🔗

Medium External URL 外部 URL

https://solscan.io/account/

references/deployment.md:1263

🔗

Medium External URL 外部 URL

https://www.helius.dev/

references/deployment.md:1269

🔗

Medium External URL 外部 URL

https://www.quicknode.com/

references/deployment.md:1270

🔗

Medium External URL 外部 URL

https://solana.fm/

references/deployment.md:1271

🔗

Medium External URL 外部 URL

https://your-premium-rpc.com

references/deployment.md:1453

🔗

Medium External URL 外部 URL

https://docs.solana.com/cli

references/deployment.md:1821

🔗

Medium External URL 外部 URL

https://www.anchor-lang.com/

references/deployment.md:1822

🔗

Medium External URL 外部 URL

https://verify.osec.io/

references/deployment.md:1824

🔗

Medium External URL 外部 URL

https://squads.so/

references/deployment.md:1825

🔗

Medium External URL 外部 URL

https://solana.com/developers/guides/advanced/introduction-to-durable-nonces

references/durable-nonces.md:948

🔗

Medium External URL 外部 URL

https://docs.anza.xyz/implemented-proposals/durable-tx-nonces

references/durable-nonces.md:949

🔗

Medium External URL 外部 URL

https://docs.anza.xyz/cli/examples/durable-nonce

references/durable-nonces.md:950

🔗

Medium External URL 外部 URL

https://neodyme.io/en/blog/nonce-upon-a-time/

references/durable-nonces.md:957

🔗

Medium External URL 外部 URL

https://docs.rs/solana-sdk/latest/solana_sdk/nonce/state/enum.State.html

references/durable-nonces.md:960

🔗

Medium External URL 外部 URL

https://docs.rs/solana-sdk/latest/solana_sdk/system_instruction/

references/durable-nonces.md:961

🔗

Medium External URL 外部 URL

https://docs.rs/solana-program

references/native-rust.md:2035

🔗

Medium External URL 外部 URL

https://solanacookbook.com/

references/native-rust.md:2036

🔗

Medium External URL 外部 URL

https://spl.solana.com/token

references/native-rust.md:2037

🔗

Medium External URL 外部 URL

https://explorer.solana.com/address/SPL1T3rERcu6P6dyBiG7K8LUr21CssZqDAszwANzNMB

references/production-deployment.md:257

🔗

Medium External URL 外部 URL

https://verify.osec.io/status/SPL1T3rERcu6P6dyBiG7K8LUr21CssZqDAszwANzNMB

references/production-deployment.md:261

🔗

Medium External URL 外部 URL

https://squads.so

references/production-deployment.md:484

🔗

Medium External URL 外部 URL

https://solana.com/docs/

references/resources.md:8

🔗

Medium External URL 外部 URL

https://solana.com/developers/cookbook

references/resources.md:9

🔗

Medium External URL 外部 URL

https://solana.com/developers/courses/

references/resources.md:10

🔗

Medium External URL 外部 URL

https://book.anchor-lang.com/

references/resources.md:16

🔗

Medium External URL 外部 URL

https://examples.anchor-lang.com/

references/resources.md:17

🔗

Medium External URL 外部 URL

https://docs.rs/anchor-lang

references/resources.md:18

🔗

Medium External URL 外部 URL

https://docs.rs/anchor-spl

references/resources.md:19

🔗

Medium External URL 外部 URL

https://spl.solana.com/

references/resources.md:23

🔗

Medium External URL 外部 URL

https://www.anchor-lang.com/playground

references/resources.md:47

🔗

Medium External URL 外部 URL

https://play.rust-lang.org/

references/resources.md:48

🔗

Medium External URL 外部 URL

https://www.anchor-lang.com/docs/cli

references/resources.md:52

🔗

Medium External URL 外部 URL

https://explorer.solana.com/

references/resources.md:53

🔗

Medium External URL 外部 URL

https://solscan.io/

references/resources.md:55

🔗

Medium External URL 外部 URL

https://xray.helius.dev/

references/resources.md:56

🔗

Medium External URL 外部 URL

https://solana.com/docs/programs/testing/mollusk

references/resources.md:60

🔗

Medium External URL 外部 URL

https://docs.solana.com/developing/test-validator

references/resources.md:61

🔗

Medium External URL 外部 URL

https://book.anchor-lang.com/anchor_in_depth/testing.html

references/resources.md:62

🔗

Medium External URL 外部 URL

https://solana.com/docs/programs/verified-builds

references/resources.md:66

🔗

Medium External URL 外部 URL

https://solana.com/developers/courses/native-onchain-development

references/resources.md:71

🔗

Medium External URL 外部 URL

https://solana.com/developers/courses/onchain-development

references/resources.md:72

🔗

Medium External URL 外部 URL

https://solana.com/developers/courses/program-security

references/resources.md:73

🔗

Medium External URL 外部 URL

https://www.rareskills.io/solana-tutorial

references/resources.md:76

🔗

Medium External URL 外部 URL

https://0xkowloon.gitbook.io/anchor-for-evm-developers

references/resources.md:77

🔗

Medium External URL 外部 URL

https://ackee.xyz/solana/book/latest/

references/resources.md:78

🔗

Medium External URL 外部 URL

https://doc.rust-lang.org/book/

references/resources.md:81

🔗

Medium External URL 外部 URL

https://doc.rust-lang.org/rust-by-example/

references/resources.md:82

🔗

Medium External URL 外部 URL

https://docs.solana.com/cluster/overview

references/resources.md:85

🔗

Medium External URL 外部 URL

https://docs.solana.com/developing/programming-model/overview

references/resources.md:86

🔗

Medium External URL 外部 URL

https://solana.com/docs/core/accounts

references/resources.md:87

🔗

Medium External URL 外部 URL

https://www.helius.dev/blog

references/resources.md:101

🔗

Medium External URL 外部 URL

https://solana.com/news

references/resources.md:102

🔗

Medium External URL 外部 URL

https://substack.com/@pineanalytics1

references/resources.md:103

🔗

Medium External URL 外部 URL

https://docs.rs/borsh

references/resources.md:111

🔗

Medium External URL 外部 URL

https://docs.rs/spl-token

references/resources.md:112

🔗

Medium External URL 外部 URL

https://docs.rs/spl-token-2022

references/resources.md:113

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/@solana/client

references/resources.md:118

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/@solana/react-hooks

references/resources.md:118

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/@solana/web3-compat

references/resources.md:119

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/@coral-xyz/anchor

references/resources.md:126

🔗

Medium External URL 外部 URL

https://www.npmjs.com/package/@solana/spl-token

references/resources.md:127

🔗

Medium External URL 外部 URL

https://www.alchemy.com/solana

references/resources.md:141

🔗

Medium External URL 外部 URL

https://triton.one/

references/resources.md:142

🔗

Medium External URL 外部 URL

https://docs.solana.com/cluster/rpc-endpoints

references/resources.md:143

🔗

Medium External URL 外部 URL

https://superteam.fun/

references/resources.md:149

🔗

Medium External URL 外部 URL

https://learn.blueshift.gg/

references/resources.md:150

🔗

Medium External URL 外部 URL

https://superteam.fun/germany

references/resources.md:153

🔗

Medium External URL 外部 URL

https://superteam.fun/india

references/resources.md:154

🔗

Medium External URL 外部 URL

https://superteam.fun/vietnam

references/resources.md:155

🔗

Medium External URL 外部 URL

https://superteam.fun/latam

references/resources.md:156

🔗

Medium External URL 外部 URL

https://solana.com/developers/guides

references/resources.md:161

🔗

Medium External URL 外部 URL

https://docs.solana.com/cli/deploy-a-program

references/resources.md:166

🔗

Medium External URL 外部 URL

https://docs.solana.com/cli/wallets/paper

references/resources.md:168

🔗

Medium External URL 外部 URL

https://www.metaplex.com/

references/resources.md:171

🔗

Medium External URL 外部 URL

https://www.dialect.to/

references/resources.md:173

🔗

Medium External URL 外部 URL

https://mainnet.helius-rpc.com?api-key=YOUR_KEY

references/surfpool.md:76

🔗

Medium External URL 外部 URL

https://your-rpc.com

references/surfpool.md:482

🔗

Medium External URL 外部 URL

https://docs.surfpool.run

references/surfpool.md:497

🔗

Medium External URL 外部 URL

https://www.youtube.com/playlist?list=PL0FMgRjJMRzO1FdunpMS-aUS4GNkgyr3T

references/surfpool.md:499

🔗

Medium External URL 外部 URL

https://discord.gg/rqXmWsn2ja

references/surfpool.md:500

🔗

Medium External URL 外部 URL

https://solana.com/docs/intro/installation/surfpool-cli-basics

references/surfpool.md:501

🔗

Medium External URL 外部 URL

https://docs.rs/mollusk-svm/latest/mollusk_svm/

references/testing-practices.md:489

🔗

Medium External URL 外部 URL

https://www.anchor-lang.com/docs/testing

references/testing-practices.md:490

🔗

Medium External URL 外部 URL

https://solana.com/docs/programs/testing

references/testing-practices.md:492

🔗

Medium External URL 外部 URL

https://solana.com/developers/guides/advanced/retry

references/transaction-lifecycle.md:968

🔗

Medium External URL 外部 URL

https://solana.com/developers/guides/advanced/confirmation

references/transaction-lifecycle.md:969

🔗

Medium External URL 外部 URL

https://solanacookbook.com/references/basic-transactions.html

references/transaction-lifecycle.md:977

🔗

Medium External URL 外部 URL

https://solana.stackexchange.com/questions/tagged/transaction

references/transaction-lifecycle.md:978

🔗

Medium External URL 外部 URL

https://solana.com/developers/guides/advanced/versions

references/versioned-transactions.md:938

🔗

Medium External URL 外部 URL

https://solana.com/developers/guides/advanced/lookup-tables

references/versioned-transactions.md:939

🔗

Medium External URL 外部 URL

https://docs.anza.xyz/proposals/versioned-transactions

references/versioned-transactions.md:940

🔗

Medium External URL 外部 URL

https://docs.rs/solana-sdk/latest/solana_sdk/transaction/struct.VersionedTransaction.html

references/versioned-transactions.md:948

🔗

Medium External URL 外部 URL

https://docs.rs/solana-sdk/latest/solana_sdk/message/v0/struct.Message.html

references/versioned-transactions.md:949

🔗

Medium External URL 外部 URL

https://solanacookbook.com/references/basic-transactions.html#versioned-transactions

references/versioned-transactions.md:952

🔗

Medium External URL 外部 URL

https://solana.stackexchange.com/questions/tagged/address-lookup-table

references/versioned-transactions.md:953

📧

Info Email 邮箱地址

[email protected]

references/deployment.md:769

File Tree

29 files · 561.0 KB · 22292 lines

Markdown 28f · 22130L Text 1f · 162L

├─ ▾ 📁 references

│ ├─ 📝 accounts.md Markdown 892L · 24.8 KB

│ ├─ 📝 anchor.md Markdown 1651L · 34.7 KB

│ ├─ 📝 builtin-programs.md Markdown 931L · 21.8 KB

│ ├─ 📝 client-development.md Markdown 261L · 8.5 KB

│ ├─ 📝 compute-optimization.md Markdown 680L · 19.4 KB

│ ├─ 📝 cpi.md Markdown 824L · 20.4 KB

│ ├─ 📝 deployment.md Markdown 1828L · 40.1 KB

│ ├─ 📝 durable-nonces.md Markdown 961L · 26.4 KB

│ ├─ 📝 error-handling.md Markdown 800L · 18.6 KB

│ ├─ 📝 native-rust.md Markdown 2042L · 44.0 KB

│ ├─ 📝 pda.md Markdown 796L · 20.5 KB

│ ├─ 📝 production-deployment.md Markdown 498L · 13.1 KB

│ ├─ 📝 resources.md Markdown 201L · 10.0 KB

│ ├─ 📝 security.md Markdown 613L · 13.8 KB

│ ├─ 📝 serialization.md Markdown 620L · 13.9 KB

│ ├─ 📝 surfpool.md Markdown 501L · 12.0 KB

│ ├─ 📝 sysvars.md Markdown 992L · 23.1 KB

│ ├─ 📝 testing-frameworks.md Markdown 1255L · 29.7 KB

│ ├─ 📝 testing-overview.md Markdown 406L · 12.5 KB

│ ├─ 📝 testing-practices.md Markdown 528L · 12.6 KB

│ ├─ 🔑 tokens-2022.md ⚠ Markdown 172L · 5.2 KB

│ ├─ 🔑 tokens-operations.md ⚠ Markdown 982L · 22.6 KB

│ ├─ 🔑 tokens-overview.md ⚠ Markdown 301L · 8.2 KB

│ ├─ 🔑 tokens-patterns.md ⚠ Markdown 860L · 21.7 KB

│ ├─ 🔑 tokens-validation.md ⚠ Markdown 221L · 5.6 KB

│ ├─ 📝 transaction-lifecycle.md Markdown 978L · 25.7 KB

│ └─ 📝 versioned-transactions.md Markdown 953L · 28.1 KB

├─ 📄 LICENSE.txt Text 162L · 8.9 KB

└─ 📝 SKILL.md Markdown 383L · 15.2 KB

Security Positives

✓ No executable scripts or binaries present — pure Markdown documentation only

✓ No dependencies (no package.json, requirements.txt, Cargo.toml, or similar dependency files)

✓ No credential harvesting or sensitive file access

✓ No data exfiltration or C2 communication

✓ No obfuscation (no base64, eval, or encoded content)

✓ No hidden functionality — all shell commands are explicitly documented as installation steps

✓ SKILL.md accurately describes the skill as a reference documentation resource

✓ No cross-skill invocation or privilege escalation attempts

✓ URLs are legitimate Solana documentation references, not exfiltration endpoints

✓ Sensitive file markers (tokens-*.md) are legitimate Solana token program documentation, not secrets

Scan Report

Findings 1 items

File Tree

Security Positives