ComfyUI Video
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears coherent for automating ComfyUI video workflows, but users should be aware it involves running browser JavaScript and SSH commands against their own ComfyUI machine.
This skill looks purpose-aligned and does not show malicious behavior. Before using it, make sure you trust your ComfyUI installation and workflow files, review the included JavaScript, run it only in the correct browser session, and prefer a non-root SSH account for monitoring and tunneling.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the script can change the active ComfyUI workflow, prompts, frame counts, image input, and output filename prefixes.
The helper is intentionally run inside the ComfyUI browser page and loads/modifies the current workflow graph. This is expected for the skill, but it is still browser-side code execution.
在浏览器控制台或 JS evaluate 中运行 ... window.app.loadGraphData(wf);
Review the script first and run it only in the intended ComfyUI tab/session.
If copied directly, these commands require highly privileged access to the ComfyUI host.
The monitoring examples use SSH to a remote host as root. The shown commands are limited to log/output inspection, but root SSH is broad authority.
ssh -p PORT root@HOST "grep 'it/s' /tmp/comfy.log | tail -1"
Use a least-privileged SSH account where possible and verify HOST, PORT, and commands before running them.
The safety and correctness of the actual ComfyUI installation, custom nodes, workflow file, and model files are outside this skill’s package.
The package does not provide source provenance or an installation mechanism for the required ComfyUI/model environment. This is not suspicious by itself, but users must validate the surrounding setup.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install ComfyUI, custom nodes, workflows, and models only from trusted sources and verify their paths and versions before use.