Trust Report

llm-models

Access Claude, Gemini, Kimi, GLM and 100+ LLMs via inference.sh CLI using OpenRouter. Models: Claude Opus 4.5, Claude Sonnet 4.5, Claude Haiku 4.5, Gemini 3 Pro, Kimi K2, GLM-4.6, Intellect 3. One API for all models with automatic fallback and cost optimization. Use for: AI assistants, code generation, reasoning, agents, chat, content generation. Triggers: claude api, openrouter, llm api, claude sonnet, claude opus, gemini api, kimi, language model, gpt alternative, anthropic api, ai model api, llm access, chat api, claude alternative, openai alternative

SUSPICIOUS

Format: openclawScanner: v0.7.1Duration: 29msScanned: 4d ago · Apr 4, 8:39 AMSource →

Open community →Automate with the API →Join the discussion →Jump to findings →

Embed this badge

[![AgentVerus](https://agentverus.ai/api/v1/skill/5fb65f11-3bf8-4e56-bafa-c2a7ea8a5897/badge)](https://agentverus.ai/skill/5fb65f11-3bf8-4e56-bafa-c2a7ea8a5897)

Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →

https://agentverus.ai/api/v1/skill/5fb65f11-3bf8-4e56-bafa-c2a7ea8a5897/trust

Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction

curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"5fb65f11-3bf8-4e56-bafa-c2a7ea8a5897","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'

Fetch trust JSON

curl https://agentverus.ai/api/v1/skill/5fb65f11-3bf8-4e56-bafa-c2a7ea8a5897/trust

Category Scores

Permissions

100

Injection

Dependencies

Behavioral

Content

Code Safety

Findings (14)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: curl -fsSL https://cli.inference.sh | sh

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

highCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://inference.sh

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04

highCapability contract mismatch: inferred package bootstrap is not declared-10

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx skills

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

highMedia artifact handoff dependency-8

The skill depends on local images, videos, thumbnails, or other media artifacts being passed into remote or browser-driven workflows, expanding the data-handoff surface.

Image generation

→ Review which external services or providers the skill depends on, what data crosses that boundary, and whether the dependency is necessary for the intended workflow.

dependenciesASST-04

highLocal file access detected (inside code block)-15

Found local file access pattern: "`dist.inference.sh`"

> **Install note:** The [install script](https://cli.inference.sh) only detects your OS/architecture, downloads the matching binary from `dist.inference.sh`, and verifies its SHA-256 checksum. No elev

→ Treat local file browsing as privileged access. Restrict it to explicit user-approved paths and avoid combining it with unrestricted browser/session reuse.

behavioralASST-03

highSuspicious install pattern: download and execute from remote URL-25

The skill instructs users to download and execute code from a remote URL, a common supply-chain attack vector.

curl -fsSL https://cli.inference.sh | sh

→ Remove curl-pipe-to-shell patterns. Provide dependencies through safe, verifiable channels.

behavioralASST-02

highHigh-risk workflow lacks explicit safety boundaries-20

The skill performs or enables higher-risk operations but does not define explicit safety boundaries describing what it must not do.

No safety boundary patterns found alongside high-risk capability language

→ Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09

highMany external URLs referenced (7)-8

The skill references 7 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.

URLs: https://inference.sh, https://cloud.inference.sh/app/files/u/4mg21r6ta37mpaz6ktzwtt8krr/01kgvftjwhby36trvaj66bwzcf.jpeg, https://cli.inference.sh, https://dist.inference.sh/cli/checksums.txt, https://inference.sh/docs/concepts/agents...

→ Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04

highDownload-and-execute pattern (curl|wget pipe to shell)-20

Piping a downloaded script directly to a shell interpreter. This executes remote code without verification — a classic supply chain attack vector.

curl -fsSL https://cli.inference.sh | sh && infsh login

→ Review the code block starting at line 15. Ensure this pattern is necessary and does not pose a security risk.

code-safetyASST-04

highPackage bootstrap execution detected (inside code block)-15

Found package bootstrap execution pattern: "npx skills"

npx skills add inference-sh/skills@inference-sh

→ Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04

highExternal AI provider delegation detected-15

Found external ai provider delegation pattern: "Gemini 3 Pro, Kimi K2, GLM-4.6, Intellect 3. One API"

description: "Access Claude, Gemini, Kimi, GLM and 100+ LLMs via inference.sh CLI using OpenRouter. Models: Claude Opus 4.5, Claude Sonnet 4.5, Claude Haiku 4.5, Gemini 3 Pro, Kimi K2, GLM-4.6, Intell

→ Treat external AI-provider calls as data egress. Make it explicit what prompts, files, or images are sent to third-party providers and require approval before forwarding sensitive content.

behavioralASST-02

mediumDownload-and-execute pattern detected (inside code block)-8

The skill contains a download-and-execute pattern inside a code block. Verify the URL is trustworthy.

curl -fsSL https://cli.inference.sh | sh

→ Pin the installer to a specific version or hash. Consider bundling dependencies instead.

dependenciesASST-04

mediumUnknown external reference-8

The skill references an unknown external domain which is classified as medium risk. Merged overlapping signals from the repeated finding family: - Unknown external reference

https://inference.sh

→ Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04

lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://dist.inference.sh/cli/checksums.txt

→ Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04