Character Design Sheet

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the CLI gives software from an external source access to run on the user's machine.

Why it was flagged

The skill recommends installing an external CLI via a remote shell script. This is disclosed and purpose-aligned, but users should verify the installer source before running it.

Skill content

curl -fsSL https://cli.inference.sh | sh && infsh login

Recommendation

Use the manual install and checksum verification if possible, and only install the CLI if you trust inference.sh.

What this means

Generated jobs may use the user's inference.sh account and any permissions or billing associated with it.

Why it was flagged

The skill asks the user to authenticate to the inference.sh CLI. This is expected for an external image-generation service, but it means the skill may operate under that account.

Skill content

infsh login

Recommendation

Log in with the intended account, review any scopes or permissions shown during login, and monitor generated jobs.

What this means

The agent can run infsh image-generation commands when using this skill.

Why it was flagged

The skill allows Bash only for infsh commands, which is narrow and aligned with image generation, but it still lets the agent invoke external CLI actions.

Skill content

allowed-tools: Bash(infsh *)

Recommendation

Review prompts and generated job commands before running them, especially if prompts include private project details.