Is storyboard-creation safe?
https://clawhub.ai/okaris/storyboard-creation
This skill is a distribution vehicle for the inference.sh CLI platform disguised as a storyboarding guide. Its most critical risk is instructing the agent to execute 'curl | sh' from a remote server, granting arbitrary code execution. All functional capabilities depend on a third-party binary that communicates with external servers, sending user prompts and project data to infrastructure outside the user's control. The educational storyboarding content is benign, but the execution model is inherently dangerous.
Findings (9)
CRITICAL Pipe-to-shell remote code execution -60
The skill's Quick Start section instructs the LLM agent to execute 'curl -fsSL https://cli.inference.sh | sh', which downloads a shell script and executes it without the script ever being written to disk or read. This is the most dangerous software installation pattern: whoever controls cli.inference.sh (or any host that -L follows a redirect to) gets arbitrary code execution on the user's machine with the user's privileges. The script content can change at any time without the user's knowledge, and a server can serve different bytes to a piped curl than to a reviewer opening the URL in a browser, so reading the script once does not make later runs safe.
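As an added example (not code from the skill or from inference.sh), this is the check a practitioner would want in place of the pipe-to-shell line: fetch the installer to disk, read it, record its SHA-256, and execute it later only when the bytes still match. The function names and the stand-in installer are this example's own constructions; the real script is whatever https://cli.inference.sh serves at the moment it is fetched.

```shell
#!/bin/sh
# Added example, not code from the skill or from inference.sh: the
# download-review-pin flow that replaces 'curl -fsSL https://cli.inference.sh | sh'.
# Function names and the stand-in installer below are this example's own.

# SHA-256 of a file; works with GNU coreutils (sha256sum) or BSD/macOS (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Step 1 (needs network, so not exercised offline): fetch the installer to
# disk instead of into a shell. --proto '=https' refuses a downgrade to http
# if a redirect tries one; the file can then be read before anything runs.
fetch_installer() {
    curl -fsSL --proto '=https' --tlsv1.2 "$1" -o "$2"
}

# Step 2: after reading the script, record its hash alongside the skill.
pin_installer() {
    sha256_of "$1"
}

# Step 3: every later install compares the bytes on disk with the pinned
# hash and refuses to execute on any mismatch (changed script, redirect to
# another host, content served differently to curl than to a browser).
run_pinned() {
    file="$1"
    expected="$2"
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual does not match pinned $expected" >&2
        return 1
    fi
    sh "$file"
}

# Offline demonstration with a constructed stand-in installer.
demo_pinning() {
    demo_tmp=$(mktemp -d)
    printf '%s\n' '#!/bin/sh' 'echo "stand-in installer ran"' > "$demo_tmp/installer.sh"
    pinned=$(pin_installer "$demo_tmp/installer.sh")
    run_pinned "$demo_tmp/installer.sh" "$pinned"            # matches: runs
    echo 'echo "extra line added after review"' >> "$demo_tmp/installer.sh"
    if run_pinned "$demo_tmp/installer.sh" "$pinned"; then   # changed: refused
        echo "BUG: tampered installer ran" >&2
        rm -rf "$demo_tmp"; return 1
    fi
    rm -rf "$demo_tmp"
}

# Run the demonstration only when asked, so sourcing this file is side-effect free.
if [ "${1:-}" = "demo" ]; then
    demo_pinning
fi
```

Pinning a hash does not vouch for what the script does; it only guarantees that what runs is the exact text a human reviewed. The review step still has to happen, and the pinned value has to be refreshed deliberately whenever the upstream script is updated.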
HIGH Persistent third-party binary installation -20
The curl|sh command installs a persistent binary (infsh) on the host system. Once installed, this binary runs natively with the invoking user's privileges and communicates with inference.sh servers. The skill's allowed-tools declaration 'Bash(infsh *)' then grants the agent permission to invoke this binary with any arguments, so every subcommand and flag the binary supports is within the agent's reach, not only the storyboarding commands the skill documents.
HIGH Agent instructed to bypass tool scope via curl -30
While the skill declares 'allowed-tools: Bash(infsh *)', limiting the agent's commands to infsh, the Quick Start section instructs the agent to first run 'curl -fsSL https://cli.inference.sh | sh', which is outside the infsh scope. The declared scope therefore understates the skill's real footprint: the skill relies on the agent following SKILL.md prose to execute an arbitrary shell command before the tool restriction takes effect.
HIGH User prompts and project data sent to external API -25
Every 'infsh app run' command sends the user's image generation prompts to inference.sh servers. These prompts may contain sensitive project details, character descriptions, scene information, or other confidential creative content. The user has no control over how this data is stored or used.
MEDIUM Authentication credential exposure via infsh login -15
The 'infsh login' command establishes an authenticated session with inference.sh servers. The authentication flow, token storage location, and credential handling are opaque to the user.
MEDIUM Instruction to install additional skills from external sources -15
The Related Skills section instructs the agent to run 'npx skills add' commands for four additional skills from the same author's infrastructure, expanding the attack surface and creating a skill dependency chain.
MEDIUM External network connection during installation -25
Network monitoring captured TLS connections to 216.150.1.1:443 during the skill installation phase. While this may be expected for registry resolution, it confirms the skill's infrastructure is contacted during install, not just during use.
LOW Background process execution with --no-wait -10
The skill demonstrates using '--no-wait' flags to run multiple infsh commands in the background, which makes it harder to audit what processes are running and to tie their outputs back to the command that launched them.
INFO Skill serves as distribution vector for third-party platform -75
The primary function of this skill is to onboard users onto the inference.sh platform. The storyboarding knowledge (shot types, camera angles, continuity rules) is freely available reference material that serves as a wrapper around the commercial inference.sh CLI tool. The skill is essentially a marketing/distribution vehicle.