App Store Screenshots
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for making app store screenshots, but users should notice that it relies on installing and logging into an external inference.sh CLI and sending prompts or image assets to that service.
Before installing, verify the inference.sh CLI source and checksum, log in only with the account you intend to use, and avoid sending confidential app screens or personal data in prompts or image uploads. The artifacts do not show malicious behavior.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI runs code from an external source on the user's machine.
The skill tells users to install a third-party CLI by piping a remote script into the shell. This is disclosed and purpose-aligned, but it is still a supply-chain step users should inspect or verify.
curl -fsSL https://cli.inference.sh | sh && infsh login
Use the manual install and checksum verification path if possible, and only install the CLI from a trusted network and account context.
The CLI may operate under the user's inference.sh account and could consume quota or access that account's resources.
The skill requires authentication to the inference.sh CLI. This is expected for using the external service, and the artifacts do not show token logging, hardcoded credentials, or unrelated account access.
infsh login
Log in with the intended account only, and review account permissions, billing, and generated commands before use.
The agent could run different infsh subcommands within the allowed pattern, potentially invoking external jobs or using service credits.
The skill permits Bash execution of infsh commands. That matches the screenshot-generation purpose, but it is broader than a single fixed workflow.
allowed-tools: Bash(infsh *)
Review infsh commands before approving them, especially commands that upload files, create videos, or start paid inference jobs.
Prompts, screenshots, mockups, or app UI images may be sent to inference.sh or underlying model providers.
The skill routes screenshot and preview-video generation through an external provider CLI. This is expected for the skill, but user prompts and referenced image assets may leave the local environment.
Create app store screenshots and preview videos via [inference.sh](https://inference.sh) CLI.
Do not include secrets, private user data, unreleased confidential UI, or customer information in prompts or uploaded images unless that sharing is acceptable.