
Security audit

ComfyUI Image Generation (ComfyUI图像生成)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward ComfyUI image-generation helper, with expected network and file access for that purpose.

Install only if you intend to use the configured ComfyUI server. Confirm COMFYUI_SERVER points to a server you trust, avoid sensitive prompts on shared or untrusted networks, and choose explicit output directories where overwriting files would not matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 77%
Finding
The skill accepts an arbitrary workflow_path and opens that local file, which gives callers local file read capability outside the narrow image-generation role. In an agent setting, this can expose sensitive local files if an attacker can influence the path, especially because the function returns parsing and existence errors that reveal filesystem information.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises a default ComfyUI server over plain HTTP at a private IP address without warning that prompts, workflow contents, and possibly generated-image metadata are transmitted unencrypted. In environments where the network is shared or untrusted, this can expose sensitive prompt data and enable tampering or interception of requests and responses.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill sends the full workflow and user prompt to a configured ComfyUI server without any explicit disclosure, consent, or trust boundary checks in the code. If the server is remote, compromised, or misconfigured, sensitive prompts and workflow content may be exposed off-box.

Missing User Warnings

Medium
Confidence: 90%
Finding
The generate function copies the produced file to an arbitrary caller-supplied output_path and creates parent directories if needed. In an agent or multi-tenant environment, this can be abused to write files to unintended locations, overwrite user data, or place files where other components will later consume them.

VirusTotal

66/66 vendors flagged this skill as clean.
