JMCAI Comfypet

v1.2.5

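Invokes ComfyUI workflows that have already been configured in the JMCAI Comfypet desktop application. This skill must be run together with the JMCAI desktop client. It is used to query available workflows, read exposed parameters, submit runs, and poll for results. Suitable when the user asks to generate images or videos, or to run workflows that take image, mask, audio, video, or file input assets; not suitable for...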

by JMCAI @allen-jmc
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the implementation: the package exposes registry/run/status/history/doctor commands that talk to a Workflow Bridge. The declared requirements (python binary, config.json) align with the CLI-mode Python implementation and SKILL.md.
Instruction Scope
SKILL.md instructs the agent to call the included Python CLI (registry/run/status/history/doctor), to pass only aliased parameters, and to provide absolute local paths for asset fields. It does not instruct reading arbitrary system files or secrets. However, it explicitly supports uploading local asset files to a remote bridge when bridge_url is a non-loopback host — this expands scope to network transfer of user files and is called out in the documentation.
Install Mechanism
No install script; this is instruction-only usage of the provided Python script. The code files are included in the skill bundle and invoked directly by python; there is no external download or extraction of third-party code during install.
Credentials
The skill requests no secrets or environment variables. It does require a config.json (defaulting to localhost bridge). The primary risk is file upload: if the user configures a remote bridge_url, the skill will upload asset files (images, video, audio, and a narrow whitelist of other file types). The whitelist is enforced in code, which reduces but does not eliminate the risk of unintentionally uploading sensitive .txt/.pdf files. Users should ensure bridge_url points to a trusted endpoint.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or modify other skills. It operates as a CLI invoked by the agent and writes outputs/downloads to the local machine as part of normal operation.
Assessment
This skill appears to do what it claims: it talks to a JMCAI Comfypet Workflow Bridge (default localhost), lists workflows, submits runs, and uploads/downloads media assets. Before installing:
1) Confirm the config.json bridge_url is local (127.0.0.1) unless you explicitly trust a remote bridge — pointing it at an untrusted host will cause the skill to upload your local files.
2) Note the skill enforces a whitelist of allowed extensions (images, common media, .txt/.pdf/.csv/subtitle formats) — avoid passing sensitive documents even if their suffix is allowed.
3) Run the provided doctor/registry commands to verify the desktop application and bridge version.
4) If you have concerns, review the jmcai_skill.py source (included) or test with non-sensitive files first.
If you expect the skill to never transmit files over the network, do not change bridge_url to a remote host.


Runtime requirements

🐾 Clawdis
OS: Windows · Linux · macOS
Any bin: python, python3, py
Config: config.json
