ComfyUI Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real ComfyUI image-generation skill, but it needs review because its file and server handling are broader than what its documentation describes.

Install only if you will point it at a ComfyUI server you control. Avoid third-party endpoints, do not pass sensitive JSON files as workflows, and consider patching the helper to restrict workflow paths and sanitize downloaded filenames before broad use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill clearly instructs the agent to read workflow files and connect to a user-supplied local-network ComfyUI server over HTTP/WebSocket, yet no permissions are declared. That creates a capability-transparency gap: users and any policy layer may not be properly warned that the skill can access local files and initiate network connections.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill description says it uses a local ComfyUI instance but does not clearly warn that user prompts and workflow data are transmitted over HTTP/WebSocket to another service on the network. This matters because prompts may contain sensitive data, and 'local network' does not imply confidentiality or authentication.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill states that generated images are saved to `image-gens/` and may be configured to sync to local document folders, but it does not prominently warn about filesystem side effects. This can surprise users, create unintended persistence of sensitive images, or propagate outputs into broader synced storage.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The workflow automatically saves generated images to disk using a fixed filename prefix, but the file itself provides no visible disclosure or consent mechanism. In a privacy-oriented local image generation skill, silent persistence can surprise users and may retain sensitive or personal prompts/images longer than expected.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The workflow persistently saves generated images to disk via the SaveImage node, but the provided skill context does not indicate any user-facing disclosure that local files will be written. In a privacy-focused local-generation skill, undisclosed persistence can expose sensitive prompts or generated content to other local users, backups, or later unintended reuse.

VirusTotal

65/65 vendors flagged this skill as clean.
