ClawHub
Back to skill
v0.1.5

Ai Content Pipeline

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

This is a coherent instruction-only skill for using inference.sh to build AI media workflows, with expected but noteworthy remote install, login, and third-party content-processing steps.

GuidanceBefore installing, make sure you trust inference.sh, verify the CLI installer if possible, and remember that prompts, scripts, blog text, and media URLs may be processed by third-party AI services. Review any workflow that posts publicly or distributes content before allowing it to run.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
curl -fsSL https://cli.inference.sh | sh && infsh login

The skill tells the user how to install a remote CLI by piping a downloaded script to the shell. This is a common setup pattern for CLI-based skills and is disclosed, but the installer itself is not part of the provided artifact set.

User impactRunning the installer gives code from the inference.sh domain the ability to execute locally during setup.
RecommendationInstall only if you trust inference.sh, prefer the manual verification path when possible, and verify the checksum and domain before running the installer.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
allowed-tools: Bash(infsh *) ... [Tavily Search] -> [Claude Summary] -> [FLUX Visual] -> [Twitter Post]

The allowed command pattern gives the agent access to the broad inference.sh CLI, and one documented pipeline includes public distribution via Twitter. This appears purpose-aligned, but publication-capable workflows should be user-confirmed.

User impactIf the user's inference.sh setup includes posting or distribution apps, the agent could help prepare or run those CLI workflows under the user's account.
RecommendationRequire explicit user confirmation before any public posting, distribution, or other externally visible action.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
infsh login

The workflow expects an authenticated inference.sh CLI session. This is purpose-aligned for using the service, but it means commands can operate under the user's account.

User impactGenerated jobs and app calls may use the user's inference.sh account privileges.
RecommendationUse an account and permissions appropriate for this workflow, and review any account access or app authorization prompts before proceeding.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
infsh app run openrouter/claude-sonnet-45 --input ...; tavily/search-assistant; falai/flux-dev; bytedance/omnihuman-1-5

The skill routes user prompts, scripts, blog content, and media URLs through inference.sh apps and named external AI providers. This is central to the content-pipeline purpose, but the artifacts do not describe provider retention or privacy boundaries.

User impactPrivate prompts, text, images, audio, or video URLs used in a workflow may be sent to third-party services.
RecommendationAvoid using confidential or sensitive media unless you are comfortable with the relevant provider policies and account settings.