Skillv1.0.1

ClawScan security

aenerate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 10:23 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (running FLUX models via the inference.sh CLI) matches its instructions, but it directs the user to run a remote installer via curl | sh and omits any declared credential requirements for the interactive login step — both of which merit caution.
Guidance: This skill appears to do what it says (use the inference.sh CLI to run FLUX models), but exercise caution before running the installer command exactly as written. Recommended steps: - Do not run 'curl | sh' blindly. Instead download the installer script (https://cli.inference.sh) and read it before executing, or fetch the specific binary from dist.inference.sh and verify the checksum yourself using the published checksums file. - Be aware that using the CLI and running apps sends your prompts and any image URLs or uploaded images to the inference.sh service — treat sensitive images or prompts accordingly. - Expect an interactive 'infsh login' that will create/save an auth token locally; confirm where tokens/config are stored and consider using a throwaway account or isolated environment if you are unsure. - If you need stronger assurance, ask the skill author for a reproducible install method (GitHub release or package registry link) or for explicit instructions that show the checksum verification steps performed client-side. - If you cannot inspect the installer or verify its checksums, consider running it in a sandboxed VM or container rather than on a sensitive workstation.

Review Dimensions

Purpose & Capability: okThe name/description promise (image generation with FLUX via the inference.sh CLI) aligns with the SKILL.md examples and commands (infsh app run, sample, image-to-image, LoRA usage). Nothing in the instructions asks for unrelated cloud credentials or unrelated system access.
Instruction Scope: noteInstructions are focused on installing the infsh CLI and calling infsh to run apps. They do not ask the agent to read arbitrary local files or credentials, but they do instruct installing and logging into a remote service and sending prompts/images (image URLs) to the inference.sh platform — which means your prompts/images will be transmitted to that external service. The doc calls out an interactive 'infsh login' step but the skill metadata does not declare any required credentials or tokens.
Install Mechanism: concernThere is no formal install spec in the registry, but SKILL.md instructs running a remote install bootstrapper via 'curl -fsSL https://cli.inference.sh | sh'. Piping a remote script to sh is a high-risk install pattern even if the script later verifies checksums; the installer and downloaded binaries originate from cli.inference.sh / dist.inference.sh (not a well-known package host like GitHub Releases in this context). The README claims SHA-256 verification and a checksums file, but the bootstrap pattern still requires the user to trust the remote script and hosting.
Credentials: noteThe skill declares no required environment variables or primary credential, which is consistent with the registry metadata. However the instructions call out 'infsh login' (interactive auth) and using remote apps, implying credentials or an account will be used/stored by the CLI. The lack of declared credential requirements is a transparency gap but not necessarily malicious.
Persistence & Privilege: noteThe skill is not always-enabled and does not request special platform privileges. The installer will create a local binary (infsh) and the login step will likely store an auth token/config in the user's home directory — normal for a CLI but worth noting because it persists credentials locally.