Customer Persona
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is broadly coherent for creating customer personas, but it relies on a third-party CLI, login, and external provider calls that users should understand before use.
This skill appears safe to review as a normal third-party CLI integration. Before installing, verify the inference.sh installer, confirm the account you log in with, and avoid sending confidential customer or business data in research prompts unless that external use is acceptable.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI means trusting code downloaded from inference.sh.
The skill documents installation through a remote shell script for a third-party CLI. This is disclosed and central to the skill, but users should verify the installer before running it.
curl -fsSL https://cli.inference.sh | sh && infsh login
Use the manual install and checksum verification path if you want stronger assurance before installing.
The skill may use your logged-in inference.sh account to run provider apps.
The skill expects an authenticated inference.sh session, while the registry metadata lists no primary credential or required environment variables.
infsh login
Confirm which inference.sh account is logged in and understand any account permissions or usage costs before invoking the skill.
If invoked too broadly, the agent could run inference.sh commands beyond the examples shown.
The allowed tool pattern permits broad use of the `infsh` CLI, while the documented workflow only needs specific `infsh app run` calls for search and image generation.
allowed-tools: Bash(infsh *)
Review agent actions before execution and prefer using only the documented search and avatar-generation commands.
Market, customer, or audience details included in prompts may be sent to third-party services.
The skill routes persona research queries and avatar prompts through external apps/providers. This is purpose-aligned and disclosed, but it is still an external data flow.
infsh app run tavily/search-assistant ... infsh app run exa/search ... infsh app run falai/flux-dev-lora
Avoid including confidential customer data, proprietary strategy, or personal information unless you are comfortable sending it to those providers.