Image Upscaling
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent image-upscaling skill, but it relies on an external CLI, account login, and cloud processing that users should verify before use.
Before installing, confirm you trust inference.sh and its CLI installer, understand that images or image URLs will be sent to cloud providers, and review infsh commands before allowing anything beyond normal upscaling.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to run inference.sh CLI commands under the user's configured session when the skill is invoked.
The skill permits the agent to run infsh CLI commands using a wildcard, which is broader than a single fixed upscaling command even though it is aligned with the stated CLI-based purpose.
allowed-tools: Bash(infsh *)
Use the skill for expected image-upscaling commands and review any infsh command before allowing account-affecting or unexpected actions.
Inference jobs may run through the user's inference.sh account and could use that account's permissions or billing context.
The workflow expects the user to authenticate to inference.sh. That is purpose-aligned for a hosted inference CLI, but it means the skill uses an external account session.
curl -fsSL https://cli.inference.sh | sh && infsh login
Log in only with an account intended for this use and monitor any provider usage, permissions, or billing settings.
Installing the CLI runs code obtained from an external domain on the user's machine.
The setup uses a remote shell installer outside the skill package. The artifact states it verifies checksums, but users still depend on the external installer and download source.
curl -fsSL https://cli.inference.sh | sh
Prefer the documented manual install and checksum verification if possible, and only install from the official inference.sh source.
Private or sensitive image URLs may be processed by external services.
The examples show image URLs being sent to hosted inference apps. This is expected for cloud upscaling, but it creates an external data boundary.
infsh app run falai/topaz-image-upscaler --input '{...image_url...}'Use images you are comfortable sending to the provider, and review inference.sh/falai data handling policies for sensitive content.