Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Comfyskill

v1.0.3

Send prompts to a local ComfyUI instance to generate images based on user descriptions.

0· 224·1 current·1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to send prompts to a local ComfyUI instance and includes a bundled workflow.json — that aligns with its purpose. However, the runtime code expects an environment variable WORKFLOW_PATH and a file named text2image-1.json (process.env.WORKFLOW_PATH + 'text2image-1.json'), while SKILL.md references workflow.json and lists no required env vars. This inconsistency means the code likely won't use the included workflow.json unless the environment is set up to match the code.
Instruction Scope
SKILL.md describes a simple generate_image(prompt) API and a default endpoint, but the actual index.js reads a local file (workflow) from an env path and POSTs workflow JSON to the endpoint. The SKILL.md does not declare that the agent must have WORKFLOW_PATH or that the code will read local files. Also the code uses an undefined variable prompt instead of the function argument, which is a logic bug and could cause runtime errors.
Install Mechanism
No install spec and only small code files are included. Nothing is downloaded or written during install — lowest install risk.
Credentials
The skill metadata declares no required environment variables, but index.js reads process.env.COMFYUI_ENDPOINT (with a sensible default) and process.env.WORKFLOW_PATH (no default) — the missing declaration for WORKFLOW_PATH is a mismatch. Also COMFYUI_ENDPOINT can be set to a non-local endpoint, which would cause the skill to send workflow/prompt data to a remote host if misconfigured.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modify other skills. It simply reads files and posts to an endpoint at runtime.
What to consider before installing
This skill looks like a small ComfyUI helper but contains clear inconsistencies and coding errors. Before installing or using it: (1) verify and set WORKFLOW_PATH or update the code to use the included workflow.json (currently the code expects text2image-1.json in WORKFLOW_PATH); (2) fix the implementation to use the provided prompt argument (the code references an undefined prompt variable); (3) ensure COMFYUI_ENDPOINT is set to a trusted local address (default is localhost:8188) — otherwise the skill could send workflow data to a remote host; (4) review the workflow.json contents to ensure no sensitive local paths are exposed (it references a checkpoint filename). If you don't control the environment variables or cannot audit/patch the code, treat this skill as risky and avoid installing it.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
index.js:5
Environment variable access combined with network send.
index.js:9
File read combined with network send (possible exfiltration).
