ComfyUI Local Gen
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: comfyui-local
Version: 1.1.0

The skill is classified as suspicious due to several vulnerabilities in `scripts/comfy_gen.py`. It allows for arbitrary JSON file reads via the `--workflow` argument, as the script does not restrict the path to within the skill directory. Additionally, the script saves images using filenames provided directly by the ComfyUI server, posing a potential path traversal vulnerability if a malicious server provides a crafted filename. While the core functionality is benign, these flaws could be exploited for local file access or arbitrary file writes.
