shortaaa

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent FLUX image-generation helper, but it asks users to install and log into an external CLI before use.

Install only if you trust inference.sh. Prefer the manual install and checksum verification path, log in with the account you intend to use, review billing or usage limits, and avoid sending private prompts or private image URLs unless you accept the provider's data handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

External Script Fetching

High

Category: Supply Chain
Content: ## Quick Start ```bash curl -fsSL https://cli.inference.sh | sh && infsh login infsh app run falai/flux-dev-lora --input '{"prompt": "a futuristic city at night"}' ```
Confidence: 97% confidence
Finding: curl -fsSL https://cli.inference.sh | sh

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal