Fähigkeiten ai-video-generation Audit-Verlauf
📦

Audit-Verlauf

ai-video-generation - 2 Audits

Audit-Version 2

Neueste Niedriges Risiko

Feb 26, 2026, 08:58 AM

Static analysis flagged 43 external command patterns and 19 URLs, but all are FALSE POSITIVES. The external commands are bash code blocks in documentation showing usage examples, not actual shell execution. URLs are documentation links to inference.sh resources. The skill uses allowed-tools: Bash(infsh *) which properly restricts bash commands to the inference.sh CLI only. No malicious intent detected.

1
Gescannte Dateien
178
Analysierte Zeilen
4
befunde
claude
Auditiert von
Probleme mit niedrigem Risiko (2)
SKILL.md:15-171
Documentation contains shell command examples
The skill documentation includes bash code blocks showing CLI usage. These are documentation examples only, not executable code. The skill restricts bash access to 'infsh *' commands via allowed-tools directive.
SKILL.md:9-177
Documentation contains external URLs
Multiple URLs link to inference.sh documentation and resources. These are reference links for users, not network calls made by the skill itself.

Risikofaktoren

⚙️ Externe Befehle (13)
SKILL.md:15-21 SKILL.md:23-31 SKILL.md:67-69 SKILL.md:75-79 SKILL.md:83-88 SKILL.md:92-96 SKILL.md:100-105 SKILL.md:109-114 SKILL.md:118-123 SKILL.md:127-129 SKILL.md:133-138 SKILL.md:142-147 SKILL.md:151-169
🌐 Netzwerkzugriff (12)
SKILL.md:9 SKILL.md:11 SKILL.md:17 SKILL.md:23 SKILL.md:94 SKILL.md:102-103 SKILL.md:111-112 SKILL.md:120-121 SKILL.md:128 SKILL.md:135 SKILL.md:144 SKILL.md:175-177

Audit-Version 1

Sicher

Feb 27, 2026, 08:52 AM

This skill provides a wrapper for the inference.sh CLI to generate AI videos. All detected patterns (external_commands, network URLs, cryptographic references) are false positives - the skill contains only documentation examples and legitimate API endpoint references. No malicious behavior detected. The pipe-to-shell install pattern is standard for CLI tools with documented manual alternatives.

1
Gescannte Dateien
178
Analysierte Zeilen
3
befunde
claude
Auditiert von
Probleme mit mittlerem Risiko (1)
SKILL.md:17
Pipe-to-Shell Install Pattern
The skill documentation shows `curl -fsSL https://cli.inference.sh | sh` for CLI installation. While this is a common pattern, piping directly to shell carries inherent risk. However, the skill provides manual installation alternatives and the service is a legitimate AI video generation platform.

Risikofaktoren

⚙️ Externe Befehle (43)
SKILL.md:15-21 SKILL.md:21-23 SKILL.md:23-31 SKILL.md:31-32 SKILL.md:32-33 SKILL.md:33-34 SKILL.md:34-35 SKILL.md:35-36 SKILL.md:36-37 SKILL.md:37-38 SKILL.md:38-44 SKILL.md:44-45 SKILL.md:45-46 SKILL.md:46-52 SKILL.md:52-53 SKILL.md:53-54 SKILL.md:54-55 SKILL.md:55-61 SKILL.md:61-62 SKILL.md:62-63 SKILL.md:63-67 SKILL.md:67-69 SKILL.md:69-75 SKILL.md:75-79 SKILL.md:79-83 SKILL.md:83-88 SKILL.md:88-92 SKILL.md:92-96 SKILL.md:96-100 SKILL.md:100-105 SKILL.md:105-109 SKILL.md:109-114 SKILL.md:114-118 SKILL.md:118-123 SKILL.md:123-127 SKILL.md:127-129 SKILL.md:129-133 SKILL.md:133-138 SKILL.md:138-142 SKILL.md:142-147 SKILL.md:147-151 SKILL.md:151-169 SKILL.md:169-171
🌐 Netzwerkzugriff (19)
SKILL.md:9 SKILL.md:11 SKILL.md:17 SKILL.md:23 SKILL.md:23 SKILL.md:94 SKILL.md:102 SKILL.md:103 SKILL.md:111 SKILL.md:112 SKILL.md:120 SKILL.md:121 SKILL.md:128 SKILL.md:135 SKILL.md:144 SKILL.md:144 SKILL.md:175 SKILL.md:176 SKILL.md:177
← Zurück zum Skill