Skill v1.2.5

ClawScan security

JMCAI Comfypet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 5, 2026, 9:06 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with its stated purpose (calling a local JMCAI Comfypet Workflow Bridge to list workflows, submit runs, upload media assets, and poll results), but it can upload local files to a remote bridge if configured — review the bridge_url and allowed file types before use.
Guidance
This skill appears to do what it claims: it talks to a JMCAI Comfypet Workflow Bridge (default localhost), lists workflows, submits runs, and uploads/downloads media assets. Before installing:
1) Confirm the config.json bridge_url is local (127.0.0.1) unless you explicitly trust a remote bridge — pointing it at an untrusted host will cause the skill to upload your local files.
2) Note the skill enforces a whitelist of allowed extensions (images, common media, .txt/.pdf/.csv/subtitle formats) — avoid passing sensitive documents even if their suffix is allowed.
3) Run the provided doctor/registry commands to verify the desktop application and bridge version.
4) If you have concerns, review the jmcai_skill.py source (included) or test with non-sensitive files first.
If you expect the skill to never transmit files over the network, do not change bridge_url to a remote host.

Review Dimensions

Purpose & Capability
ok
Name/description match the implementation: the package exposes registry/run/status/history/doctor commands that talk to a Workflow Bridge. The declared requirements (python binary, config.json) align with the CLI-mode Python implementation and SKILL.md.
Instruction Scope
note
SKILL.md instructs the agent to call the included Python CLI (registry/run/status/history/doctor), to pass only aliased parameters, and to provide absolute local paths for asset fields. It does not instruct reading arbitrary system files or secrets. However, it explicitly supports uploading local asset files to a remote bridge when bridge_url is a non-loopback host — this expands scope to network transfer of user files and is called out in the documentation.
Install Mechanism
ok
No install script; this is instruction-only usage of the provided Python script. The code files are included in the skill bundle and invoked directly by python; there is no external download or extraction of third-party code during install.
Credentials
note
The skill requests no secrets or environment variables. It does require a config.json (defaulting to localhost bridge). The primary risk is file upload: if the user configures a remote bridge_url, the skill will upload asset files (images, video, audio, and a narrow whitelist of other file types). The whitelist is enforced in code, which reduces but does not eliminate the risk of unintentionally uploading sensitive .txt/.pdf files. Users should ensure bridge_url points to a trusted endpoint.
Persistence & Privilege
ok
always is false and the skill does not request persistent elevated privileges or modify other skills. It operates as a CLI invoked by the agent and writes outputs/downloads to the local machine as part of normal operation.