ComfyUI Bridge

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The ComfyUI image features are mostly purpose-aligned, but the included queue processor can persist jobs and later send generated images through the user's iMessage account to a default chat, which is not clearly scoped or declared.

Install only if you are comfortable reviewing and running the external ComfyUI bridge server and custom nodes. Before using the queue processor, check or disable iMessage delivery, remove the hard-coded default chat, and periodically inspect or clear ~/.openclaw/faceswap-queue for copied private images.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Queued generated or face-edited images could be sent from the user's Messages account to an arbitrary local chat row ID if the queue processor is run.

Why it was flagged

The queue processor can use the local imsg CLI to send output images through the user's iMessage account, falling back to a hard-coded chat row ID when no target is provided. This messaging-account authority is not declared in the registry requirements or the main skill description.

Skill content

DEFAULT_CHAT_ID = "7"
IMSG_CLI = "/opt/homebrew/bin/imsg"
...
chat_target = req.get("chat_target", "") or DEFAULT_CHAT_ID
...
if send_imessage(chat_target, caption, out_path):

Recommendation

Remove the hard-coded chat default, declare imsg/Messages access explicitly, and require an explicit user-selected chat target and confirmation before sending any message or file.

What this means

A failed image or faceswap request may persist and be completed later without the user being present, which can be surprising for sensitive images.

Why it was flagged

The skill includes a background daemon mode and later automatic processing of queued requests. This can continue after the original interaction, and the artifacts do not show strong boundaries around when queued work is allowed to run or deliver results.

Skill content

python3 queue_processor.py --daemon     # Run as background daemon (check every 5 min)
...
When the bridge is down, comfyui_generate.py saves requests to a local queue directory (~/.openclaw/faceswap-queue/). This script processes them when the bridge comes back up

Recommendation

Make queueing and daemon processing opt-in, provide clear status/cancel commands, and require fresh confirmation before processing or delivering old queued requests.

What this means

If local queued request data is manipulated, the message-send fallback could run unintended shell syntax under the user's account.

Why it was flagged

After a safer argument-list subprocess call fails, the code builds a shell command string and runs it with shell=True. The chat_id can come from queued request JSON, so malformed or tampered queue data could be interpreted by the shell.

Skill content

shell_cmd = " ".join([IMSG_CLI, "send", "--chat-id", str(chat_id)])
...
r2 = subprocess.run(shell_cmd, shell=True, capture_output=True, text=True, timeout=30, env=send_env)

Recommendation

Remove shell=True, keep using argument-list subprocess calls, and validate chat IDs and file paths before invoking external tools.
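The send path with the recommendation applied, written here as an added example rather than code from the skill or the comfyui-bridge project. It also covers the first finding's hard-coded default chat: the chat row ID and output path are validated, an empty target raises instead of falling back to a default, delivery requires explicit confirmation, and the only external call is an argument-list one with no shell-string retry. Only `/opt/homebrew/bin/imsg` and `send --chat-id` come from the page; the `--text` and `--file` flags, the `allowed_root` parameter, the image suffix allow-list and the injected `runner` are assumptions.

```python
"""Hardened image-send path for the queue processor (added example).

Assumptions: imsg accepts --text and --file for caption and attachment
(check `imsg send --help`); generated images live under one output root.
The CLI is never executed here: `runner` stands in for subprocess.run so
the logic can be exercised offline.
"""
import re
import subprocess
import tempfile
from pathlib import Path
from typing import Callable, Dict, List

IMSG_CLI = "/opt/homebrew/bin/imsg"                    # path quoted in the finding
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".webp"}  # assumed allow-list
_CHAT_ID_RE = re.compile(r"[0-9]{1,12}")               # Messages chat row IDs are plain integers


def vulnerable_shell_cmd(chat_id) -> str:
    """The flagged pattern, kept for contrast: a space-joined string that the
    skill later hands to subprocess.run(..., shell=True). Whatever chat_id
    contains is re-tokenised by the shell instead of staying one argument."""
    return " ".join([IMSG_CLI, "send", "--chat-id", str(chat_id)])


def validate_chat_id(value) -> int:
    """Accept only a plain decimal row ID. Empty values raise rather than
    falling back to a default; whitespace, signs and punctuation are rejected."""
    text = "" if value is None else str(value).strip()
    if not _CHAT_ID_RE.fullmatch(text):
        raise ValueError(f"invalid chat id: {value!r}")
    return int(text)


def validate_output_path(path_str, allowed_root: Path) -> Path:
    """Resolve the file and require it to sit under allowed_root with an image
    suffix, so a tampered queue entry cannot point the CLI at arbitrary files."""
    p = Path(path_str).expanduser().resolve()
    root = Path(allowed_root).resolve()
    if root not in p.parents:
        raise ValueError(f"output path outside {root}: {p}")
    if p.suffix.lower() not in ALLOWED_SUFFIXES or not p.is_file():
        raise ValueError(f"not an allowed image file: {p}")
    return p


def build_send_argv(chat_id: int, caption: str, out_path: Path) -> List[str]:
    """Argument list for the CLI; --text/--file are assumed flag names."""
    if caption.startswith("-"):                        # never let a caption look like an option
        raise ValueError("caption must not start with '-'")
    return [IMSG_CLI, "send", "--chat-id", str(chat_id),
            "--text", caption, "--file", str(out_path)]


def send_imessage(chat_target, caption, out_path, allowed_root, *,
                  confirmed: bool = False, runner: Callable = subprocess.run) -> bool:
    """Send only to a user-selected chat after explicit confirmation.
    No DEFAULT_CHAT_ID fallback and no shell fallback: a failed call is
    reported as False, not retried through a shell string."""
    chat_id = validate_chat_id(chat_target)
    path = validate_output_path(out_path, allowed_root)
    if not confirmed:
        raise PermissionError(f"delivery to chat {chat_id} requires explicit confirmation")
    argv = build_send_argv(chat_id, caption, path)
    result = runner(argv, capture_output=True, text=True, timeout=30)  # shell=False by default
    return result.returncode == 0


def demo() -> Dict:
    """Offline walkthrough with a constructed output file and a fake runner."""
    root = Path(tempfile.mkdtemp(prefix="faceswap-out-"))
    img = root / "out.png"
    img.write_bytes(b"\x89PNG\r\n\x1a\n")              # constructed stand-in image
    calls: List[List[str]] = []

    def fake_runner(argv, **kwargs):                   # records argv instead of running imsg
        calls.append(list(argv))
        return subprocess.CompletedProcess(argv, 0, "", "")

    sent = send_imessage("7", "done", str(img), root, confirmed=True, runner=fake_runner)
    rejected = 0
    for bad in ("", None, "7;8", "7 8", "-1", "7.0"):  # constructed tampered/empty targets
        try:
            validate_chat_id(bad)
        except ValueError:
            rejected += 1
    try:
        send_imessage("7", "done", str(img), root, runner=fake_runner)
        unconfirmed_blocked = False
    except PermissionError:
        unconfirmed_blocked = True
    return {"sent": sent, "argv": calls[0], "rejected": rejected,
            "unconfirmed_blocked": unconfirmed_blocked}


if __name__ == "__main__":
    print(demo())
```

In the real processor, keep the default `runner` (subprocess.run) and take `confirmed` from a prompt shown to the user for this specific delivery, not from a flag stored in the queued JSON, since that JSON is exactly the data the finding treats as untrusted.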

What this means

Private photos used for faceswap or editing may be duplicated under ~/.openclaw/faceswap-queue and may remain there if processing fails.

Why it was flagged

When the bridge is unreachable, the selected source face, input image, and style reference files are copied into a persistent local queue. This supports retrying image jobs, but it means sensitive face/photo inputs can remain on disk outside their original location.

Skill content

QUEUE_DIR = Path.home() / ".openclaw" / "faceswap-queue"
...
# Copy image files to queue dir so they persist
...
shutil.copy2(str(src), str(dst))

Recommendation

Tell users where queued images are stored, provide cleanup commands, and minimize or encrypt retained queued image data where possible.
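A queue status and cleanup helper covering this finding and the daemon finding above, added here as an example rather than code from the skill. The page only names the directory ~/.openclaw/faceswap-queue; the per-request layout (one `<id>.json` with `created`, `status` and `files` keys naming the copied images), the 24-hour re-confirmation window and all function names are assumptions.

```python
"""Queue inspection and cleanup for ~/.openclaw/faceswap-queue (added example).

Assumed layout: one <id>.json per queued request holding "created" (Unix
seconds), "status" and "files" (names of the copied source/style images
in the same directory). Nothing is processed or sent here.
"""
import json
import shutil
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional

QUEUE_DIR = Path.home() / ".openclaw" / "faceswap-queue"  # location quoted in the finding
MAX_AGE_HOURS = 24.0  # assumed policy: older requests need fresh confirmation


def list_queue(queue_dir: Path = QUEUE_DIR, now: Optional[float] = None) -> List[Dict]:
    """Status view: request id, age, state and the private images copied
    alongside it, so the user can see exactly what is retained on disk."""
    now = time.time() if now is None else now
    entries = []
    for req_file in sorted(queue_dir.glob("*.json")):
        data = json.loads(req_file.read_text())
        files = [queue_dir / f for f in data.get("files", [])]
        entries.append({
            "id": req_file.stem,
            "age_hours": (now - float(data.get("created", now))) / 3600.0,
            "status": data.get("status", "unknown"),
            "files": files,
            "bytes_on_disk": sum(f.stat().st_size for f in files if f.exists()),
        })
    return entries


def needs_fresh_confirmation(entry: Dict, max_age_hours: float = MAX_AGE_HOURS) -> bool:
    """A request older than the policy window, or one that already failed,
    must not be processed or delivered silently by the daemon."""
    return entry["age_hours"] > max_age_hours or entry["status"] == "failed"


def purge(queue_dir: Path, ids: List[str]) -> int:
    """Cancel the given requests and delete their copied images. Returns the
    number of files removed. File names from the JSON are kept inside
    queue_dir so a tampered entry cannot delete files elsewhere."""
    removed = 0
    root = queue_dir.resolve()
    for req_id in ids:
        req_file = queue_dir / f"{req_id}.json"
        if not req_file.is_file():
            continue
        data = json.loads(req_file.read_text())
        for name in data.get("files", []):
            target = (queue_dir / name).resolve()
            if root in target.parents and target.is_file():
                target.unlink()
                removed += 1
        req_file.unlink()
        removed += 1
    return removed


def demo() -> Dict:
    """Constructed queue with one fresh and one stale request: report status,
    then purge only the requests the policy flags."""
    qdir = Path(tempfile.mkdtemp(prefix="faceswap-queue-"))
    now = time.time()
    specs = {"fresh": (now - 600, "pending"), "stale": (now - 3 * 86400, "pending")}
    for req_id, (created, status) in specs.items():
        img = qdir / f"{req_id}_face.png"
        img.write_bytes(b"\x89PNG\r\n\x1a\n")  # constructed stand-in for a copied photo
        (qdir / f"{req_id}.json").write_text(json.dumps(
            {"created": created, "status": status, "files": [img.name]}))
    before = list_queue(qdir, now)
    flagged = [e["id"] for e in before if needs_fresh_confirmation(e)]
    removed = purge(qdir, flagged)
    after = list_queue(qdir, now)
    shutil.rmtree(qdir, ignore_errors=True)
    return {"queued": len(before), "flagged": flagged, "removed": removed,
            "remaining": [e["id"] for e in after]}


if __name__ == "__main__":
    print(demo())
```

Wiring `list_queue` to a `status` command and `purge` to a `cancel`/`cleanup` command gives the user the visibility the recommendation asks for; the daemon should call `needs_fresh_confirmation` before touching any entry and skip flagged ones until the user re-approves them.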

What this means

The installed system depends on external server code and ComfyUI nodes beyond the reviewed OpenClaw skill files.

Why it was flagged

Setup requires cloning and running an external bridge server that is not included in the reviewed file manifest. This is expected for a ComfyUI bridge, but users are relying on additional unreviewed code.

Skill content

git clone https://github.com/Bortlesboat/comfyui-bridge
cd comfyui-bridge
pip install -r requirements.txt
python bridge_server.py

Recommendation

Review the external repository and dependencies before running them, and prefer pinned versions or releases where available.