Book Cover Design
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run image-generation commands through inference.sh when helping with cover concepts.
The skill permits agent use of the `infsh` command-line tool. The scope is narrow and aligned with AI cover generation, but users should understand that the agent can run provider CLI commands.
allowed-tools: Bash(infsh *)
Review generated prompts and confirm you are comfortable with the service/account being used before letting the agent run commands.
Running this setup installs an external CLI before using the skill.
The quick start asks users to pipe a remote installer into a shell. It is disclosed and purpose-aligned, and the artifact says checksum verification is available, but it is still an external install path users should verify.
curl -fsSL https://cli.inference.sh | sh && infsh login
Prefer the documented manual install/checksum verification path or inspect the installer source if you are cautious.
Generated image requests may use the account and permissions associated with the logged-in inference.sh session.
The workflow expects authentication to inference.sh so image-generation commands can run with the user's account. This is expected for the service, but it is still delegated account access.
infsh login
Log in with the intended account, understand any usage limits or costs, and avoid sharing credentials directly in prompts.