Skillv1.0.0

ClawScan security

shortaaa · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 6, 2026, 11:38 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose (running the inference.sh CLI to generate images), but it directs users to download and execute a remote install script (curl | sh) from a third-party domain with no source/homepage metadata—this is risky and not fully justified in-context.
Guidance: This SKILL.md appears to do what it says (use inference.sh CLI to run FLUX models), but it tells you to run a remote installer via `curl ... | sh` from cli.inference.sh — a high-risk pattern because it executes code fetched from the network. Before installing, consider: (1) review the installer script contents instead of piping to sh; (2) verify the SHA-256 checksums manually using the provided checksums link; (3) prefer installing from a trusted package manager or an audited binary; (4) confirm the reputation of inference.sh and dist.inference.sh and ask the publisher for a homepage or source repository; (5) run the installer in a non-privileged or disposable environment if you proceed. The skill registry metadata lacks a homepage/source and the registry name mismatch is a minor red flag—if you need higher assurance, request the CLI's source or a signed release before proceeding.

Review Dimensions

Purpose & Capability: noteThe SKILL.md describes using the inference.sh CLI to run FLUX models and the examples align with that purpose. Minor inconsistency: registry name 'shortaaa' vs SKILL.md internal name 'short' and no homepage/source provided; otherwise required capabilities (none) are proportionate to the declared functionality.
Instruction Scope: concernRuntime instructions tell the user to run `curl -fsSL https://cli.inference.sh | sh` and then `infsh login` and `infsh app run ...`. This directs the agent/user to download and execute a remote installer and to perform an interactive login — both of which grant the CLI broad capabilities and require trusting the external host. The SKILL.md does not instruct reading unrelated system files or env vars, but it does give the agent permission to perform a network install and run arbitrary code from the remote script.
Install Mechanism: concernThere is no formal install spec in the registry; instead the instructions recommend piping a remote installer to sh. The domains used are `cli.inference.sh` and `dist.inference.sh` (not a known OS package manager). While the doc claims SHA-256 checksum verification is available, piping an installer to sh is a high-risk pattern because it executes remote code before you can inspect it. No archive-extract details are provided, but the mechanism still results in arbitrary code being written/executed.
Credentials: okThe skill declares no required environment variables or credentials. That is consistent with an instruction-only skill that relies on an external CLI which will handle authentication (the doc suggests `infsh login`). Note: the skill will indirectly require you to provide credentials to the external service at login time, but those credentials are not requested by the skill itself.
Persistence & Privilege: okThe skill does not request always:true, does not include install-time code in the registry, and does not declare config-path changes. The main persistence risk comes from the external CLI installer which may install binaries or services on the host, but that behavior is external to the skill bundle.