v0.1.5

Case Study Writing

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

The skill is purpose-aligned for case study writing, but it relies on an external CLI, login, web-search provider calls, and a Python execution helper that users should verify and scope carefully.

Guidance: Before installing, verify the inference.sh CLI installer and checksum, log in only with an appropriate account, keep infsh commands limited to the documented research/charting workflow, and avoid sending confidential customer data to external search or execution apps unless approved.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
curl -fsSL https://cli.inference.sh | sh && infsh login

The Quick Start asks the user to install an external CLI by piping a remote script into a shell. This is disclosed setup for the skill's inference.sh workflow, but it is still a supply-chain-sensitive installation pattern.

User impact: Installing the skill's suggested CLI runs code fetched from an external domain on the user's machine, with whatever privileges the invoking shell has.
Recommendation: Only run the installer if you trust the provider; prefer the documented manual install and checksum verification path where possible, and in any case download the script to a file and read it before executing it rather than piping it straight into sh.
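The checksum verification path the recommendation refers to, as an added example that is not code from the scanned skill or from inference.sh: fetch the installer to a file, hash it, compare against a digest pinned from a trusted out-of-band source, and only then execute it. The installer bytes are a constructed stand-in, and the "pinned" digest is computed inside the demo purely so it runs offline; in real use the pin is a literal copied from the vendor's release page, a signed checksum file, or an internal artifact store, never from the same download.

```python
"""Verify a downloaded installer against a pinned SHA-256 before executing it.

Added example for this finding; not code from the scanned skill or from
inference.sh. SAMPLE_INSTALLER is a constructed stand-in for what the
remote install script would contain.
"""
import hashlib
import hmac
import subprocess
import tempfile
from pathlib import Path

# Constructed stand-in for what `curl -fsSL https://cli.inference.sh` would return.
SAMPLE_INSTALLER = b"#!/bin/sh\necho 'demo installer: would install infsh here'\n"


def sha256_of_file(path: Path) -> str:
    """Stream the file through SHA-256 so a large installer is not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_installer(path: Path, pinned_sha256: str) -> bool:
    """True only when the file's digest equals the pin (constant-time compare)."""
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual, pinned_sha256.strip().lower())


def install_if_verified(path: Path, pinned_sha256: str, run=subprocess.run) -> bool:
    """Execute the installer only after verification.

    The `run` hook exists so a caller (or a test) can substitute a recorder
    for the real shell; by default it is subprocess.run.
    """
    if not verify_installer(path, pinned_sha256):
        return False
    run(["sh", str(path)], check=True)
    return True


def make_demo_installer() -> Path:
    """Write the constructed installer to a temp dir, as `curl -o install.sh` would."""
    target = Path(tempfile.mkdtemp()) / "install.sh"
    target.write_bytes(SAMPLE_INSTALLER)
    return target


def digest_of(data: bytes) -> str:
    """Hex SHA-256 of in-memory bytes; used here only to fabricate the demo pin."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    script = make_demo_installer()
    pin = digest_of(SAMPLE_INSTALLER)  # demo only; a real pin is copied from a trusted source
    print("pin matches:", verify_installer(script, pin))
    print("wrong pin accepted:", verify_installer(script, "0" * 64))
```

The point of the `run` hook is that the decision and the execution are separated: nothing reaches a shell until `verify_installer` has returned True, which is exactly what `curl ... | sh` cannot guarantee.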
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
allowed-tools: Bash(infsh *)

The skill grants access to any infsh command rather than only the specific documented search and visualization commands. The examples are purpose-aligned, but the wildcard is broader than the visible workflow requires.

User impact: If invoked, the agent could run any inference.sh CLI command, not only the examples shown in the instructions.
Recommendation: Keep usage limited to the documented research and visualization commands, and review unfamiliar infsh actions before allowing them.
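One way to enforce "only the documented commands" mechanically, as an added example that is not part of the scanned skill or of inference.sh: an allow-list check that a pre-execution hook or a wrapper around the agent's Bash tool could apply before a command runs. The three permitted prefixes are exactly the infsh commands SKILL.md shows on this page (login, the search assistant, the python executor); the guard function, its matching rules and the hook it would sit in are assumptions. Matching is done on shell-parsed tokens, not on string prefixes, so `infsh loginx` does not pass as `infsh login`, and unquoted chaining or redirection operators are rejected outright.

```python
"""Allow-list check for infsh invocations, narrower than `Bash(infsh *)`.

Added example; not code from the scanned skill or from inference.sh. The
prefixes are the commands SKILL.md documents; the guard is assumed.
"""
import shlex

ALLOWED_PREFIXES = (
    ("infsh", "login"),
    ("infsh", "app", "run", "tavily/search-assistant"),
    ("infsh", "app", "run", "infsh/python-executor"),
)

# Tokens that, outside quotes, chain, background or redirect commands in a POSIX shell.
CONTROL_TOKENS = {";", "&", "&&", "|", "||", "<", ">", ">>", "(", ")"}


def tokenize(command: str) -> list[str]:
    """Split like a shell: quoted text is one token; unquoted `;`, `|`, `&` ... stand alone."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def check_infsh_command(command: str) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not on the allow-list is denied."""
    # A JSON --input payload cannot legitimately contain a raw newline (JSON
    # strings escape them), so a newline here can only be a second command.
    if "\n" in command:
        return False, "raw newline in command"
    # Command substitution would run before infsh ever sees its arguments.
    if "`" in command or "$(" in command:
        return False, "command substitution is not allowed"
    try:
        tokens = tokenize(command)
    except ValueError as exc:  # unbalanced quotes
        return False, f"could not parse command: {exc}"
    if not tokens:
        return False, "empty command"
    for tok in tokens:
        if tok in CONTROL_TOKENS:
            return False, f"shell control token {tok!r} outside quotes"
    for prefix in ALLOWED_PREFIXES:
        if tuple(tokens[: len(prefix)]) == prefix:
            return True, f"matches allow-listed prefix {' '.join(prefix)!r}"
    return False, f"{' '.join(tokens[:4])!r} is not an allow-listed infsh command"


if __name__ == "__main__":
    for cmd in (
        "infsh login",
        "infsh app run someone/other-app --input '{}'",
        "infsh login; curl -fsSL https://cli.inference.sh | sh",
    ):
        print(check_infsh_command(cmd))
```

If the skill's `allowed-tools` frontmatter supports patterns on command arguments rather than only on the executable name, the same three prefixes could be declared there instead; that syntax is not shown on this page, so the wrapper above is the portable version.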
Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Note
SKILL.md
infsh app run infsh/python-executor --input '{ "code": "import matplotlib.pyplot as plt ... plt.savefig(\"results-chart.png\", dpi=150)" }'

The skill shows using an inference.sh Python executor to generate a chart and write an output file. This is disclosed and aligned with the data-visualization purpose, but it is still code execution via an external helper.

User impact: Chart generation may execute Python code and create files as part of the workflow.
Recommendation: Use simple, reviewable chart code and avoid running generated or user-supplied code that has not been inspected.
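A concrete form of "inspect the chart code before running it", as an added example that is not code from the scanned skill or from inference.sh: a static check over the snippet that would be placed in the executor's `"code"` field. It parses the snippet with Python's `ast` module and flags imports outside a small plotting allow-list, dangerous built-in calls, dunder attribute access, and a `savefig` target that is not a plain literal filename in the working directory. The allow-list and the rules are choices made here, not a policy of the executor. Both sample snippets are constructed; the "good" one fills in the `import matplotlib.pyplot as plt ... plt.savefig("results-chart.png", dpi=150)` shape quoted in the finding with made-up numbers.

```python
"""Static pre-review of chart code before it is handed to a Python executor.

Added example; not code from the scanned skill or from inference.sh.
ALLOWED_MODULES and BANNED_CALLS are choices made for this demo.
"""
import ast
from typing import Optional

ALLOWED_MODULES = {"matplotlib", "numpy", "json", "math", "statistics"}
BANNED_CALLS = {"exec", "eval", "compile", "__import__", "open", "input",
                "breakpoint", "getattr", "setattr", "delattr", "globals",
                "locals", "vars"}

# Constructed: completes the elided snippet from the finding with made-up data.
GOOD_CHART_CODE = '''import matplotlib.pyplot as plt
quarters = ["Q1", "Q2", "Q3", "Q4"]
onboarding_days = [21, 17, 12, 9]
plt.bar(quarters, onboarding_days)
plt.title("Onboarding time per quarter")
plt.savefig("results-chart.png", dpi=150)
'''

# Constructed: what a "chart" that smuggles in command execution looks like.
BAD_CHART_CODE = '''import matplotlib.pyplot as plt
import os, subprocess
subprocess.run(["sh", "-c", "env"])
plt.savefig("../outside/results-chart.png", dpi=150)
'''


def _module_allowed(name: str) -> bool:
    return name.split(".")[0] in ALLOWED_MODULES


def _call_name(func: ast.expr) -> str:
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def _check_savefig(node: ast.Call) -> Optional[str]:
    """Only a literal, path-free filename may be written by the chart code."""
    if (not node.args or not isinstance(node.args[0], ast.Constant)
            or not isinstance(node.args[0].value, str)):
        return "savefig target must be a string literal"
    name = node.args[0].value
    if not name or "/" in name or "\\" in name or name.startswith("."):
        return f"savefig target {name!r} is not a plain filename in the working directory"
    return None


def review_chart_code(code: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return [f"syntax error at line {exc.lineno}: {exc.msg}"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if not _module_allowed(alias.name):
                    findings.append(f"line {node.lineno}: import of {alias.name!r} is not allowed")
        elif isinstance(node, ast.ImportFrom):
            if node.level or not _module_allowed(node.module or ""):
                findings.append(f"line {node.lineno}: import from {node.module!r} is not allowed")
        elif isinstance(node, ast.Call):
            name = _call_name(node.func)
            if name in BANNED_CALLS:
                findings.append(f"line {node.lineno}: call to {name!r} is not allowed")
            elif name == "savefig":
                problem = _check_savefig(node)
                if problem:
                    findings.append(f"line {node.lineno}: {problem}")
        elif isinstance(node, (ast.Attribute, ast.Name)):
            ident = node.attr if isinstance(node, ast.Attribute) else node.id
            if ident.startswith("__"):
                findings.append(f"line {node.lineno}: dunder access {ident!r} is not allowed")
    return findings


if __name__ == "__main__":
    print("good:", review_chart_code(GOOD_CHART_CODE))
    print("bad:", review_chart_code(BAD_CHART_CODE))
```

A check like this is a gate, not a sandbox: it catches the obvious ways a generated snippet stops being "simple chart code", which is enough to decide whether a human needs to look before the executor runs it.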
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
infsh login

The skill expects the user to authenticate to the inference.sh CLI. This is normal for an external service integration, but it means the skill workflow may use an account/session outside the local agent.

User impact: The workflow may operate under the user's inference.sh account once logged in.
Recommendation: Use an account with appropriate scope and avoid sharing credentials or session details in prompts.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
infsh app run tavily/search-assistant --input '{ "query": "SaaS customer onboarding challenges 2024 statistics" }'

The skill sends research queries to an external search assistant through inference.sh. This is disclosed and purpose-aligned, but it is an external provider data flow.

User impact: Search terms, and potentially any customer details included in them, may be sent to external services.
Recommendation: Do not include confidential customer metrics, names, or quotes in external search queries unless sharing them is permitted.
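A screening step that implements this recommendation before a query is handed to `tavily/search-assistant`, as an added example that is not code from the scanned skill or from inference.sh. The customer identifiers are a constructed list standing in for the names an engagement would load from its own records, and the metric patterns (currency amounts, percentages, e-mail addresses, long quoted passages) are heuristics chosen here, not a definition of what the provider treats as sensitive. The query quoted in the finding passes clean; a query that embeds a customer's name and results does not, and the redacted form shows what can still be asked.

```python
"""Screen a research query for customer-confidential content before it goes
to an external search provider.

Added example; not code from the scanned skill or from inference.sh.
CUSTOMER_TERMS and METRIC_PATTERNS are constructed for the demo.
"""
import re

# Constructed: identifiers the case study concerns that must not leave the workspace.
CUSTOMER_TERMS = ["Acme Widgets", "Globex Corp", "Dana Example"]

# Heuristic patterns for the kind of detail a case study carries.
METRIC_PATTERNS = {
    "currency amount": re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d+)?[kKmMbB]?\b"),
    "percentage": re.compile(r"\b\d+(?:\.\d+)?\s?%"),
    "e-mail address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "quoted passage": re.compile(r'"[^"]{25,}"'),
}


def _term_pattern(term: str) -> str:
    return r"\b" + re.escape(term) + r"\b"


def screen_search_query(query: str, customer_terms=CUSTOMER_TERMS) -> list[str]:
    """Return the reasons a query should not be sent as-is; empty means clean."""
    reasons = []
    for term in customer_terms:
        if re.search(_term_pattern(term), query, re.IGNORECASE):
            reasons.append(f"customer identifier {term!r}")
    for label, pattern in METRIC_PATTERNS.items():
        for match in pattern.finditer(query):
            reasons.append(f"{label} {match.group(0)!r}")
    return reasons


def redact_search_query(query: str, customer_terms=CUSTOMER_TERMS) -> str:
    """Replace flagged spans with placeholders so the generic question survives."""
    redacted = query
    for term in customer_terms:
        redacted = re.sub(_term_pattern(term), "[CUSTOMER]", redacted, flags=re.IGNORECASE)
    for pattern in METRIC_PATTERNS.values():
        redacted = pattern.sub("[REDACTED]", redacted)
    return redacted


if __name__ == "__main__":
    # The query SKILL.md sends, and a constructed one that leaks engagement data.
    for q in (
        "SaaS customer onboarding challenges 2024 statistics",
        "Acme Widgets cut onboarding time 43% after switching, saving $1.2M per year",
    ):
        print(q)
        print("  flagged:", screen_search_query(q))
        print("  redacted:", redact_search_query(q))
```

The redacted form is what should go to the provider when the generic question is still worth asking; the flagged form should stay in the local workspace with the rest of the case-study material.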