Social Media Carousel

Pending: Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the agent can use the external infsh CLI within this skill’s workflow.

Why it was flagged

The skill permits the agent to run infsh CLI commands. This is consistent with the carousel rendering workflow, but the wildcard is broader than only the shown html-to-image command.

Skill content

allowed-tools: Bash(infsh *)

Recommendation

Use it for the documented carousel/image-generation commands and review any infsh command before approving unexpected actions.

What this means

Installing the CLI runs code from an external source on the user’s machine.

Why it was flagged

The quick start recommends installing a remote CLI script. The text says checksum verification and manual install are available, and there is no install spec that would run it automatically.

Skill content

curl -fsSL https://cli.inference.sh | sh && infsh login

Recommendation

Prefer the documented manual install/checksum verification path or inspect the installer before running it.

What this means

The CLI may use the user’s inference.sh account/session to run rendering jobs.

Why it was flagged

The workflow expects the user to authenticate to inference.sh. This is normal for a provider-backed rendering CLI, and the artifact does not show credential logging, hardcoding, or unrelated account access.

Skill content

infsh login

Recommendation

Use an account/token with only the access needed for image generation and sign out or revoke access if no longer needed.

What this means

Text, branding, or other content placed in the slide HTML may be processed by inference.sh.

Why it was flagged

The generated slide HTML is passed to an external inference.sh app for rendering. This is disclosed and purpose-aligned, but it means provided content leaves the local chat environment.

Skill content

infsh app run infsh/html-to-image --input '{ "html": ... }'

Recommendation

Avoid putting confidential or regulated information into carousel content unless you are comfortable with the provider handling it.