Ai Music Generation
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill is a coherent music-generation CLI wrapper, but users should note that it asks them to install and log in to an external inference.sh CLI.
Before installing, verify the inference.sh CLI installer and understand that prompts or lyrics you submit will be processed by the external provider. Use an account where you are comfortable with any quota or billing impact.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI runs code from an external domain on the user's machine.
The setup instructions use a remote shell installer for the external CLI. It is disclosed and purpose-aligned, but users should verify the source and checksum before running it.
curl -fsSL https://cli.inference.sh | sh && infsh login
Review the installer source or use the linked manual install and checksum verification before installing.
The agent may run music-generation jobs through the logged-in inference.sh account, which could use account quota or billing.
The skill expects the user to authenticate to inference.sh so the CLI can run provider-hosted music models. This is expected for the service but creates account-level authority.
infsh login
Use the intended inference.sh account, understand any costs or quotas, and review generation requests before allowing them.
The agent can run the listed infsh subcommands, and potentially any other infsh subcommand available in the local installation.
The allowed tool scope permits Bash execution of infsh commands. This is aligned with the skill's purpose, but it is broader than a single fixed generation command.
allowed-tools: Bash(infsh *)
Keep the CLI authenticated only when needed and confirm any command that may create, save, publish, or incur cost.
