ClawHub

comfyui-runner

v1.0.0

Start/stop/status for a ComfyUI instance.

1· 3.9k·15 current·15 all-time
by@xtopher86
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README and skill description advertise start/stop/status actions. The runtime CLI (bin/cli.js) explicitly rejects anything other than 'status' (returns only_status_supported_in_container). SKILL.md mentions basic auth variables and use of curl, but the code does not implement auth or call curl. The declared required binaries include curl, which the code never uses. These mismatches indicate the skill does not deliver its advertised capabilities.
!
Instruction Scope
SKILL.md instructs the agent to possibly start/stop the ComfyUI server and to read a .env in the skill directory; the code only reads process.env and only implements a GET to /health using fetch. The skill will by default target a hard-coded host IP (192.168.179.111) and port (28188) unless environment variables override them — this default means an unmodified installation could probe that specific network endpoint when invoked.
Install Mechanism
There is no external install script or download; the skill is instruction-only with a bundled CLI file. Nothing in the install mechanism pulls code from remote URLs or runs installers, so install risk is low. The included code will run when the CLI is invoked.
Credentials
No required environment variables or credentials are declared, which is appropriate for a status-only check. However, SKILL.md documents COMFYUI_USER and COMFYUI_PASS and suggests a .env file, while the code does not use those auth variables or explicitly read a .env file. The presence of a hard-coded default host/IP is notable and may be unexpected for users.
Persistence & Privilege
The skill does not request permanent/always-on inclusion, does not modify other skills, and does not write persistent configuration outside its workdir. It only performs network requests when invoked. Autonomous invocation is allowed by platform default, but that is not combined with any elevated privileges here.
What to consider before installing
This skill is internally inconsistent: its documentation and metadata promise start/stop control and mention curl, basic auth, and a .env, but the actual CLI only performs a GET /health (status) and rejects run/stop. Before installing, consider: 1) If you need start/stop capability, this skill does not provide it — ask the author or update the code. 2) Change the default COMFYUI_HOST/PORT (or set COMFYUI_HOST/COMFYUI_PORT in the environment) so the skill does not probe the hard-coded IP by accident. 3) Verify why curl is listed as required and whether basic auth is needed; the current code doesn't use them. 4) If you allow autonomous agent invocation, be aware the skill can perform network requests to the configured host when invoked. If you are uncomfortable, do not install or run it until the documentation and code are reconciled.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c0xsw45sy60p360rrt3cpnh7zy8k3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧩 Clawdis
Binsnode, curl

Comments