📦

سجل التدقيق

ai-video-generation - 2 عمليات التدقيق

إصدار التدقيق 2

الأحدث مخاطر منخفضة

Feb 26, 2026, 08:58 AM

Static analysis flagged 43 external command patterns and 19 URLs, but all are FALSE POSITIVES. The external commands are bash code blocks in documentation showing usage examples, not actual shell execution. URLs are documentation links to inference.sh resources. The skill uses allowed-tools: Bash(infsh *) which properly restricts bash commands to the inference.sh CLI only. No malicious intent detected.

1
الملفات التي تم فحصها
178
الأسطر التي تم تحليلها
4
النتائج
claude
تم تدقيقه بواسطة
مشكلات منخفضة المخاطر (2)
Documentation contains shell command examples
The skill documentation includes bash code blocks showing CLI usage. These are documentation examples only, not executable code. The skill restricts bash access to 'infsh *' commands via allowed-tools directive.
Documentation contains external URLs
Multiple URLs link to inference.sh documentation and resources. These are reference links for users, not network calls made by the skill itself.

إصدار التدقيق 1

آمن

Feb 27, 2026, 08:52 AM

This skill provides a wrapper for the inference.sh CLI to generate AI videos. All detected patterns (external_commands, network URLs, cryptographic references) are false positives - the skill contains only documentation examples and legitimate API endpoint references. No malicious behavior detected. The pipe-to-shell install pattern is standard for CLI tools with documented manual alternatives.

1
الملفات التي تم فحصها
178
الأسطر التي تم تحليلها
3
النتائج
claude
تم تدقيقه بواسطة
مشكلات متوسطة المخاطر (1)
Pipe-to-Shell Install Pattern
The skill documentation shows `curl -fsSL https://cli.inference.sh | sh` for CLI installation. While this is a common pattern, piping directly to shell carries inherent risk. However, the skill provides manual installation alternatives and the service is a legitimate AI video generation platform.