llm-models

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] The skill is consistent with its stated purpose (accessing many LLMs via the infsh CLI/OpenRouter). I found no direct evidence of embedded malware, hardcoded secrets, or obfuscated malicious code. The meaningful risks are operational and trust-based: the curl | sh installer pattern (even with available checksums), reliance on inference.sh/OpenRouter as a proxy (which will see user prompts and possibly stored tokens), and the broad allowed-tools permission (Bash(infsh *)) which allows the agent to run arbitrary infsh commands that could read and send local data. These behaviors are coherent with the skill's functionality but require the user to trust the external service and the installer. Recommend users verify checksums manually, review where infsh stores credentials, and limit agent file/credential access when using this skill. LLM verification: The SKILL.md correctly describes a CLI-based gateway to many LLMs and contains expected examples. The main security concern is the recommended 'curl | sh' installer pattern and the implicit trust required to execute a closed-source binary from dist.inference.sh. Because the actual installer and CLI binary are not included in this repository, their behavior cannot be audited, creating a supply-chain risk: arbitrary code execution at install time and potential credential or data exfiltration at ru