agent-tools

Medium Risk · ⚙️ External commands · 🌐 Network access · 🔑 Env variables · 📁 Filesystem access

Run 250+ AI Models via inference.sh CLI

Also available from: toolshell, inference-sh-0, inference-sh-6, inference-sh-7, skillssh, inference-sh-3, inference-sh-8, inference-sh-9, inferencesh, inference-shell, tool-belt, tul-sh, inf-sh, inferen-sh

Access hundreds of AI models for image generation, video creation, text processing, and automation without managing GPU infrastructure or API integrations.

Supports: Claude Codex Code(CC)
⚠️ 63 Poor

1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Toggle on and start using

Test it

Using "agent-tools". belt app run falai/flux-dev-lora --input '{"prompt": "a serene mountain lake at sunset"}'

Expected outcome:

Running falai/flux-dev-lora...
Task ID: abc123xyz
Status: completed
Image URL: https://cloud.inference.sh/results/abc123xyz.png

Using "agent-tools". belt app list --category image --featured

Expected outcome:

FEATURED IMAGE APPS
| App | Description |
|-----|-------------|
| falai/flux-dev-lora | FLUX.2 Dev (high quality) |
| google/gemini-3-pro-image | Gemini 3 Pro Image |
| xai/grok-imagine-image | Grok Image Generation |

Using "agent-tools". belt app run x/post-tweet --input '{"text": "Just generated this with #AI!"}'

Expected outcome:

Running x/post-tweet...
Status: posted
Tweet ID: 1234567890
URL: https://twitter.com/user/status/1234567890

Security Audit

Medium Risk
v1 • 4/25/2026

This skill provides access to the inference.sh CLI for running 250+ AI apps. Static analysis detected many patterns (pipe to shell, external commands, hardcoded URLs) but evaluation confirms these are legitimate CLI tool patterns, not security vulnerabilities. The skill is properly scoped to belt commands only, uses official infrastructure, and implements standard installation verification (SHA-256 checksums, optional Sigstore signatures). No malicious behavior detected after semantic review.

  • Files scanned: 5
  • Lines analyzed: 596
  • Findings: 10
  • Total audits: 1

High Risk Issues (1)

Pipe to Shell Installation Pattern
The skill uses the `curl | sh` pattern for CLI installation. This is a common installation method for the inference.sh CLI. The installer verifies SHA-256 checksums and optionally validates Sigstore signatures. While flagged as critical by static analysis, this is the intended and documented installation mechanism for the official CLI tool.

Medium Risk Issues (3)

Network Access to External Service
The skill makes network requests to inference.sh infrastructure to run AI models. This is the intended functionality of the skill - accessing cloud-based AI services. No data exfiltration or unauthorized transmission detected.

API Key Environment Variable Access
The skill documents the INFSH_API_KEY environment variable for CI/CD authentication. This is a standard credential pattern for CLI tools. The variable is user-provided and not hardcoded.

Local File System Access for Uploads
The skill supports local file paths for AI inputs (images, videos, audio). Files are uploaded to the inference.sh cloud for processing. No arbitrary file system operations beyond specified input paths.

Low Risk Issues (2)

Hardcoded URLs to Official Infrastructure
Multiple URLs to the inference.sh domain are hardcoded in documentation. These are required for the CLI to function and point to official infrastructure. Not a security vulnerability.

Static Analysis False Positives on Code Patterns
The static analyzer flagged 'weak cryptographic algorithm' for AI model names (FLUX, SDXL, Veo), 'shell backtick execution' for bash commands in documentation blocks, and 'path traversal' for relative path examples. These are all false positives from pattern matching without semantic context.

Risk Factors

⚙️ External commands (1)
🌐 Network access (1)
🔑 Env variables (1)
📁 Filesystem access (1)
Audited by: claude

Quality Score

  • Architecture: 45
  • Maintainability: 100
  • Content: 87
  • Community: 50
  • Security: 36
  • Spec Compliance: 83

What You Can Build

Generate AI Images Without Local GPU

Content creators and marketers can generate professional images using state-of-the-art models without installing and maintaining local AI tooling. Simply specify the model and prompt.

Automate Social Media with AI-Generated Content

Social media managers can programmatically post AI-generated images, videos, and text to Twitter/X. Create scheduled content workflows with consistent branding.

Access Multiple AI Providers Through Single Interface

Developers can experiment with different AI models by switching app names without changing code. Test FLUX, Claude, Gemini, and OpenRouter models with the same CLI syntax.

Try These Prompts

  • Generate an image with specific model: Use belt to run falai/flux-dev-lora with the input {"prompt": "[DESCRIBE YOUR IMAGE]", "num_images": 1, "image_size": "landscape_16_9"}
  • Create video from prompt: Run google/veo-3-1-fast with {"prompt": "[VIDEO DESCRIPTION]"} and save the task ID for tracking
  • Chain multiple AI tasks: First generate an image with falai/flux-dev-lora, then use that output URL to create a video with bytedance/omnihuman-1-5 using the avatar prompt
  • Search and analyze web content: Use tavily/search-assistant to find recent information about [TOPIC], then use exa/extract to pull key details from the top results

Best Practices

  • Use `belt app sample` to generate input templates before running tasks
  • Save task IDs when using `--no-wait` to check status later with `belt task get`
  • Store your INFSH_API_KEY securely and prefer `belt login` for interactive authentication

Avoid

  • Do not hardcode API keys in scripts - use environment variables or `belt login`
  • Avoid running multiple large tasks simultaneously without tracking - use `belt task get` to monitor progress
  • Do not upload sensitive personal files - the CLI uploads files to cloud.inference.sh for processing

Frequently Asked Questions

How do I authenticate with inference.sh?
Run `belt login` to open a browser for authentication. For CI/CD, set the INFSH_API_KEY environment variable with your API key.

What file formats are supported for uploads?
Common image formats (PNG, JPG, WEBP), video formats (MP4, MOV), and audio formats (MP3, WAV) are supported. Check specific app requirements with `belt app get <app>`.

How do I track long-running tasks?
When you run an app, you'll receive a task ID. Use `belt task get <task-id>` to check status. Use `belt task get <task-id> --save result.json` to save results.

Can I run multiple AI models in sequence?
Yes. Chain outputs by using URLs or file paths from one task as inputs to another. For example, use an image generation URL as input for a video generation app.

How do I find available apps?
Use `belt app list` to see all apps. Filter by category with `--category image`, `--category video`, etc. Search with `belt app list --search "flux"`.

Is the installation secure?
The installer verifies SHA-256 checksums and optionally validates Sigstore signatures. You can also manually download and verify binaries if you prefer not to pipe to shell.

Developer Details