ai-avatar-video

The skill’s stated purpose (avatar/talking-head video creation using inference.sh) aligns with its described capabilities and workflows. However, the download-and-execute install pattern (curl ... | sh) and reliance on an unverifiable remote binary introduce meaningful supply-chain risk. Data flow to external media URLs is expected for this domain but warrants input validation/sandboxing. Overall, the footprint is somewhat coherent with the purpose but weighted toward suspicious due to the remote installer pattern and potential third-party binary trust gaps. Treat as SUSPICIOUS with caution and recommend adding verified binary distribution (signed checksums, package registries), explicit origin pinning, and clearer credential/data handling policies.