Faces
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a genuine Faces CLI integration, but its docs understate local file and credential handling and describe a silent provider fallback; users should review both carefully.
Before installing, verify the publisher and version of the faces-cli npm package, and be careful with credentials, private files, and billing actions. Use scoped API keys with budgets and expiry, avoid exposing raw tokens or passwords in chat, confirm which provider route a request will take before relying on ChatGPT passthrough, and only upload source material you are comfortable storing on the Faces Platform.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may think the skill only touches a credentials file, while normal workflows can read selected local documents and create local catalog files.
The skill's scope statement reads:
No local files are read or written except `~/.faces/config.json`, which stores credentials the user explicitly provides.
This conflicts with the other supplied docs, which use `--file` uploads and state that the CLI maintains `~/.faces/catalog/`; the privacy/scope claim therefore understates both local file access and local persistence.
Fix the scope statement to clearly disclose local file uploads, local catalog writes, server-side storage, retention, and deletion options.
Saved account configuration or credentials could be exposed to the agent context, logs, or transcript if the CLI prints them.
The skill embeds a command that prints the saved Faces configuration:
## Current config !`faces config:show 2>/dev/null || echo "(no config saved)"`
Other references state that this config can store JWT or API-key credentials, and nothing in the artifacts says whether `config:show` redacts them.
Use a non-secret status command such as `faces auth:whoami` for setup checks, and ensure any config display redacts tokens and API keys.
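As an added example (not code from the skill or the Faces project), the following filter shows what "ensure any config display redacts tokens and API keys" means in practice: it walks JSON output and masks values under secret-looking keys, and falls back to a regex pass for JWT-shaped tokens in non-JSON output. The key names, the JWT shape and the sample config are assumptions made for the example; the real `~/.faces/config.json` schema is not documented on this page.

```python
import json
import re

# Key names treated as secrets regardless of content (assumed; the Faces
# config schema is not documented, so extend this list for the real file).
SENSITIVE_KEYS = {
    "token", "jwt", "access_token", "refresh_token",
    "api_key", "apikey", "password", "secret",
}

# Compact JWT: three base64url segments separated by dots.
JWT_RE = re.compile(r"\b[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b")


def mask(value: str, keep: int = 4) -> str:
    """Replace a secret with a marker plus its last `keep` characters, so a
    user can still recognise which credential is configured."""
    if len(value) <= keep:
        return "[REDACTED]"
    return f"[REDACTED...{value[-keep:]}]"


def _redact_obj(obj):
    """Recursively mask sensitive keys and JWT-shaped strings."""
    if isinstance(obj, dict):
        out = {}
        for key, val in obj.items():
            if isinstance(val, str) and key.lower().replace("-", "_") in SENSITIVE_KEYS:
                out[key] = mask(val)
            else:
                out[key] = _redact_obj(val)
        return out
    if isinstance(obj, list):
        return [_redact_obj(v) for v in obj]
    if isinstance(obj, str):
        return JWT_RE.sub(lambda m: mask(m.group(0)), obj)
    return obj


def redact_config_output(text: str) -> str:
    """Redact secrets from the text a command like `faces config:show` prints.

    JSON is walked structurally so nested keys are covered; anything else gets
    a best-effort regex pass for JWT-shaped tokens.
    """
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return JWT_RE.sub(lambda m: mask(m.group(0)), text)
    return json.dumps(_redact_obj(data), indent=2)


def has_secret_leak(text: str) -> bool:
    """True if a JWT-shaped token still appears in `text` (a last-line check
    before output reaches the agent context or a transcript)."""
    return JWT_RE.search(text) is not None


# Constructed sample config; field names and values are invented for this example.
SAMPLE_CONFIG = json.dumps({
    "api_url": "https://example.invalid/api",
    "apiKey": "fk_live_1234567890abcdef",
    "auth": {"jwt": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyXzEifQ.abcdefghijklmnopqrstuvwxyz12"},
})

if __name__ == "__main__":
    print(redact_config_output(SAMPLE_CONFIG))
```

Wiring this in front of the embedded command keeps the "is a config present?" signal the skill wants while removing the credential values; a `whoami`-style status command is still the better choice where the CLI offers one.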
A request the user expects to run through their linked ChatGPT account may instead run through the platform's system key without an obvious warning.
The docs state:
Fallback to system key happens silently if the token is invalid.
A silent fallback changes the credential and provider route, and possibly the billing and data-handling expectations, without a per-request prompt.
Warn the user and ask for confirmation before falling back, and report which provider route and billing mode were used.
Sensitive documents or personal details may become part of a reusable Face and influence future chats or shared API-key access.
The core workflow is described as:
Feed it source material — documents, essays, interviews, conversations — and the compiler extracts the minimal set of cognitive primitives that define a persona.
That is, it intentionally turns user-provided material into persistent persona data, which may include private writings, transcripts, or personal attributes.
Upload only material you are comfortable sending to the Faces Platform, review deletion/sharing controls, and prefer scoped API keys with budgets and expiry.
Mistaken commands could delete Faces, create or revoke keys, change budgets, or start billing-related flows.
The CLI reference lists account, billing, API-key, upload, update, and delete operations, for example:
faces face:delete <face_id> [--yes] ... faces keys:create --name [--expires-days N] [--budget F] ... faces billing:topup --amount F
These are expected for the skill's purpose, but they mutate account data or spend money.
Require explicit user confirmation for deletion, billing, key creation/revocation, and any command using `--yes`.
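As an added example (not code from the skill or the Faces project), here is one way an agent harness could enforce the confirmation rule above before handing a command to the CLI. Command names come from the reference quoted in this finding (`face:delete`, `keys:create`, `billing:topup`) plus `auth:whoami`; the classification rules, the `-y` alias and the `Decision` structure are this example's own assumptions.

```python
import shlex
from dataclasses import dataclass, field

# Policy tables (assumed): subcommands are "<namespace>:<verb>" as in the
# quoted CLI reference. Anything in these sets needs an explicit user "yes".
MUTATING_VERBS = {"delete", "create", "revoke", "update", "upload", "topup"}
MONEY_OR_KEY_NAMESPACES = {"billing", "keys"}
AUTO_CONFIRM_FLAGS = {"--yes", "-y"}   # "-y" is an assumed alias, not from the page


@dataclass
class Decision:
    command: str                      # e.g. "face:delete"
    needs_confirmation: bool
    reasons: list = field(default_factory=list)
    argv: list = field(default_factory=list)   # argv with auto-confirm flags removed


def gate(command_line: str) -> Decision:
    """Classify a `faces ...` invocation and decide whether to ask the user first."""
    argv = shlex.split(command_line)
    if not argv or argv[0] != "faces":
        raise ValueError("not a faces invocation")
    if len(argv) < 2:
        raise ValueError("missing subcommand")
    sub = argv[1]
    namespace, _, verb = sub.partition(":")

    reasons = []
    if namespace in MONEY_OR_KEY_NAMESPACES:
        reasons.append(f"{sub}: touches billing or API keys")
    if verb in MUTATING_VERBS:
        reasons.append(f"{sub}: mutates account data")
    flags = [a for a in argv[2:] if a in AUTO_CONFIRM_FLAGS]
    if flags:
        reasons.append(f"{' '.join(flags)}: requests non-interactive confirmation")

    # Strip auto-confirm flags so the CLI's own prompt (if any) is still reached
    # even after the user approves here; the user, not the agent, says "yes".
    safe_argv = [a for a in argv if a not in AUTO_CONFIRM_FLAGS]
    return Decision(sub, bool(reasons), reasons, safe_argv)


def run_with_policy(command_line: str, confirm, runner) -> dict:
    """`confirm(decision)` asks the user and returns True/False;
    `runner(argv)` executes the sanitized command and returns its output."""
    decision = gate(command_line)
    if decision.needs_confirmation and not confirm(decision):
        return {"status": "refused", "command": decision.command,
                "reasons": decision.reasons}
    return {"status": "ran", "command": decision.command,
            "output": runner(decision.argv)}


if __name__ == "__main__":
    # Constructed demo: refuse the delete, run the read-only status check.
    print(run_with_policy("faces face:delete abc123 --yes",
                          confirm=lambda d: False,
                          runner=lambda argv: "(not run)"))
    print(run_with_policy("faces auth:whoami",
                          confirm=lambda d: False,
                          runner=lambda argv: "user@example.invalid"))
```

The point of stripping `--yes` rather than merely flagging it is that an agent-supplied `--yes` otherwise turns the CLI's safety prompt into a no-op; the harness approves the action, and the CLI still gets its chance to ask.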
Installing the skill's CLI means trusting the current npm package and its future updates.
The install spec says only that
the CLI is installed via `npm install -g faces-cli` from the public npm registry
so the runnable behavior is delegated to an external npm package that is neither bundled nor pinned in the supplied artifacts, and this scan cannot verify the CLI implementation.
Verify the package publisher/source, pin an audited version where possible, and review the CLI before using it with credentials or private files.
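As an added example (not code from the skill, the Faces project or npm), the following shows the check behind "pin an audited version": npm publishes a Subresource Integrity string for each version's tarball (`dist.integrity` in `npm view <pkg>@<version> --json` output), and a downloaded tarball can be compared against the value recorded at audit time. The sample `npm view` document and tarball bytes are constructed for this example; no faces-cli version or hash from the registry is claimed here.

```python
import base64
import hashlib
import hmac
import json

# SRI algorithms npm accepts; sha512 is what the registry normally emits.
SRI_ALGS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def sri_of(data: bytes, alg: str = "sha512") -> str:
    """Compute `<alg>-<base64 digest>`, the form used by npm's dist.integrity."""
    digest = SRI_ALGS[alg](data).digest()
    return f"{alg}-" + base64.b64encode(digest).decode("ascii")


def verify_sri(data: bytes, integrity: str) -> bool:
    """True if `data` matches any recognised hash in a space-separated SRI string.
    Unknown algorithms are ignored; an integrity string with no usable hash fails."""
    matched = False
    for entry in integrity.split():
        alg, _, _digest = entry.partition("-")
        if alg not in SRI_ALGS:
            continue
        if hmac.compare_digest(sri_of(data, alg), entry):
            matched = True
    return matched


def verify_view(view_json: str, tarball: bytes) -> bool:
    """Check a tarball against the dist.integrity field of `npm view --json` output.
    Missing fields fail closed rather than silently passing."""
    try:
        view = json.loads(view_json)
        integrity = view["dist"]["integrity"]
    except (json.JSONDecodeError, KeyError, TypeError):
        return False
    return verify_sri(tarball, integrity)


# Constructed sample: stands in for `npm pack faces-cli@<audited version>` output.
SAMPLE_TARBALL = b"constructed tarball bytes, not a real faces-cli package"

# Constructed sample shaped like `npm view faces-cli@<version> --json`; the
# version and URL are placeholders and the integrity is computed from the
# bytes above so the example runs offline.
SAMPLE_VIEW_JSON = json.dumps({
    "name": "faces-cli",
    "version": "0.0.0",
    "dist": {
        "tarball": "https://registry.npmjs.org/faces-cli/-/faces-cli-0.0.0.tgz",
        "integrity": sri_of(SAMPLE_TARBALL),
    },
})

if __name__ == "__main__":
    print("pinned integrity:", json.loads(SAMPLE_VIEW_JSON)["dist"]["integrity"])
    print("tarball verifies:", verify_view(SAMPLE_VIEW_JSON, SAMPLE_TARBALL))
    print("tampered verifies:", verify_view(SAMPLE_VIEW_JSON, SAMPLE_TARBALL + b"x"))
```

In practice the integrity string is recorded once, after the audited version has been reviewed, and `npm install -g faces-cli@<that version>` is used thereafter; a later `npm view` that reports a different integrity for the same version, or a tarball that fails `verify_sri`, is the signal to stop and re-review rather than update.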
