character-design-sheet

Fail

Audited by Socket on Feb 21, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected. The skill is functionally coherent for the stated purpose (generating consistent character sheets using an external CLI and LoRA), but it uses high-risk supply-chain patterns: a pipe-to-shell installer (curl | sh), a single third-party distribution point (inference.sh) with no integrity verification, and workflows that upload prompts, images, and local LoRA files to remote endpoints. These patterns raise a moderate-to-high security concern (credential or file exfiltration and arbitrary code execution) even though the content appears legitimate. Recommend treating this skill as SUSPICIOUS: do not run the curl|sh installer without verifying publisher authenticity and signer checks; prefer official package manager installs, audited binaries, and documented data handling and credential scopes.

LLM verification: This SKILL.md is documentation for a character-design image-generation workflow that depends on an external CLI installed via a curl | sh pattern (https://cli.inference.sh). There is no evidence of embedded malware or obfuscated payloads in the text itself, but the install-and-run pattern is a high-risk supply-chain action and the CLI will likely handle user credentials and may upload local LoRA files. The skill is SUSPICIOUS: avoid running the curl|sh installer or logging into the third-party C

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 21, 2026, 04:58 PM
Package URL: pkg:socket/skills-sh/NeverSight%2Fskills_feed%2Fcharacter-design-sheet%2F@f28cd7b97c6cfb8481b59366420c85f0e854066f