ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ComfyUI执行器

v1.0.1

通过 HTTP API 与 ComfyUI 服务交互,支持工作流提交与执行、队列管理、文件上传和能力探测;自动检测视频工作流并使用合适超时;简洁输出执行结果;当用户需要使用 ComfyUI 生成图像、视频、音频或管理服务时使用

0· 78·0 current·0 all-time
by@chsengni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included scripts: the code implements workflow submission, queue management, file upload, capability probing and memory/history management via ComfyUI HTTP endpoints. Required files and referenced endpoints are consistent with a ComfyUI client.
Instruction Scope
SKILL.md and the scripts instruct the agent to read/write local workflow and output directories, open files for upload, and call the configured ComfyUI HTTP endpoints. This is within the skill's stated scope. Note: the scripts will create directories (workflows, output, temp) and read the local config/config.yaml when present.
Install Mechanism
There is no install spec (instruction-only), and the code is plain Python scripts. Dependencies are standard Python packages (requests, websocket-client, Pillow, pyyaml). No downloaded binaries or remote installers are used.
!
Credentials
Registry metadata declares no required env vars, but the code and config loader use environment variables (COMFYUI_SERVER_URL and COMFYUI_API_KEY) and a local config file (config/config.yaml). The skill will send file contents to whatever server_url is configured (default localhost). The use of an API key environment variable is proportionate to the functionality, but its absence from the declared requirements is an omission the user should be aware of.
Persistence & Privilege
Flags: always=false and normal model invocation. The skill does not request permanent elevated privileges nor modify other skills. It writes only to its own workflows/output/temp directories (created under the skill script path).
Assessment
This skill is a normal ComfyUI HTTP client and generally coherent with its description. Before installing: 1) Review and (if necessary) edit config/config.yaml — the scripts will read it and may use COMFYUI_SERVER_URL and COMFYUI_API_KEY even though the registry didn't list them. 2) Confirm the server URL (default http://127.0.0.1:8188) points to a ComfyUI instance you control; the skill will upload files and send workflow JSON to that URL. 3) If you will provide an API key, set COMFYUI_API_KEY in a secure place (or pass --api-key at runtime); consider least-privilege API credentials. 4) The tool will create local directories (workflows/, output/, temp/) under the skill location — if that is a concern run it in an isolated workspace or container. 5) The code uses standard Python libraries; install dependencies in a virtualenv. If you need higher assurance, inspect the full scripts for any modifications to the server_url usage or unexpected network destinations before running.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bf4rb162enm2gck1yqjcs698402ga

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments