Social Media Carousel

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate carousel-design skill, but it relies on an external inference.sh CLI/login and sends generated HTML content to that service.

This skill looks coherent for creating social-media carousel images. Before using it, verify the inference.sh CLI installer/checksum, understand that infsh login may create an authenticated session, and avoid sending private content in generated slide HTML. The supplied SKILL.md content was truncated in the review input, so review the full file before installation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the agent can use the external infsh CLI within this skill’s workflow.

Why it was flagged

The skill permits the agent to run infsh CLI commands. This is consistent with the carousel rendering workflow, but the wildcard is broader than only the shown html-to-image command.

Skill content

allowed-tools: Bash(infsh *)

Recommendation

Use it for the documented carousel/image-generation commands and review any infsh command before approving unexpected actions.

What this means

Installing the CLI runs code from an external source on the user’s machine.

Why it was flagged

The quick start recommends installing a remote CLI script. The text says checksum verification and manual install are available, and there is no install spec that would run it automatically.

Skill content

curl -fsSL https://cli.inference.sh | sh && infsh login

Recommendation

Prefer the documented manual install/checksum verification path or inspect the installer before running it.

What this means

The CLI may use the user’s inference.sh account/session to run rendering jobs.

Why it was flagged

The workflow expects the user to authenticate to inference.sh. This is normal for a provider-backed rendering CLI, and the artifact does not show credential logging, hardcoding, or unrelated account access.

Skill content

infsh login

Recommendation

Use an account/token with only the access needed for image generation and sign out or revoke access if no longer needed.

What this means

Text, branding, or other content placed in the slide HTML may be processed by inference.sh.

Why it was flagged

The generated slide HTML is passed to an external inference.sh app for rendering. This is disclosed and purpose-aligned, but it means provided content leaves the local chat environment.

Skill content

infsh app run infsh/html-to-image --input '{ "html": ... }'

Recommendation

Avoid putting confidential or regulated information into carousel content unless you are comfortable with the provider handling it.