Ai Image Generation
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: ai-image-generation
Version: 0.1.5
The skill is classified as suspicious due to the presence of instructions in `SKILL.md` that, if executed by an AI agent through prompt injection, could bypass the declared `allowed-tools` restrictions. Specifically, the `curl -fsSL https://cli.inference.sh | sh` command for CLI installation and `npx skills add` commands for related skills are outside the `Bash(infsh *)` allowance. While the skill's core purpose is benign, these instructions represent a potential arbitrary code execution risk if the agent's security controls are circumvented, even if the `Install note` claims the install script is benign.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives code from inference.sh a chance to run locally during setup.
The skill instructs users to install an external CLI by piping a remote script into the shell. This is a disclosed setup step for the skill, but it depends on trusting the remote installer.
curl -fsSL https://cli.inference.sh | sh && infsh login
Use the linked manual install and checksum verification if possible, and only run the installer if you trust the inference.sh source.
The agent may be able to run broader inference.sh CLI actions available to the logged-in account, though the documented examples are image-focused.
The skill permits Bash execution of any infsh command, not only the specific image-generation commands shown in the examples.
allowed-tools: Bash(infsh *)
Review requested infsh commands before approving meaningful actions, especially if they could consume credits, modify account resources, or run non-image apps.
Generated image requests may run under the user's inference.sh account and may be subject to that account's permissions, quotas, or billing.
The skill requires logging into the inference.sh CLI for normal use, even though registry metadata does not declare a primary credential.
infsh login
Log in only with the intended account and understand any costs or account permissions before using the skill.
