Book Cover Design
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instructional book-cover design skill, with the main user-review points being its inference.sh CLI install step and account login.
This skill appears safe for its stated purpose. Before installing, verify the inference.sh CLI installer if desired, log in only with the account you intend to use, and avoid placing private manuscript or business details into image prompts unless you are comfortable sending them to the external generation service.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run image-generation commands through inference.sh when helping with cover concepts.
The skill permits agent use of the `infsh` command-line tool. The scope is narrow and aligned with AI cover generation, but users should understand that the agent can run provider CLI commands.
allowed-tools: Bash(infsh *)
Review generated prompts and confirm you are comfortable with the service/account being used before letting the agent run commands.
Running this setup installs an external CLI before using the skill.
The quick start asks users to pipe a remote installer into a shell. It is disclosed and purpose-aligned, and the artifact says checksum verification is available, but it is still an external install path users should verify.
curl -fsSL https://cli.inference.sh | sh && infsh login
Prefer the documented manual install/checksum verification path or inspect the installer source if you are cautious.
Generated image requests may use the account and permissions associated with the logged-in inference.sh session.
The workflow expects authentication to inference.sh so image-generation commands can run with the user's account. This is expected for the service, but it is still delegated account access.
infsh login
Log in with the intended account, understand any usage limits or costs, and avoid sharing credentials directly in prompts.