Openclaw Comfyui Api Runner

Security checks across malware telemetry and agentic risk

Overview

This ComfyUI connector mostly matches its purpose, but it stores reusable credentials in plaintext and can expose generated files through an unauthenticated network-accessible viewer.

Install only if you are comfortable with these operational risks. Prefer environment variables over saved profiles for secrets, use only trusted ComfyUI servers, avoid sensitive prompts or workflow data, and do not run the generated-file viewer on networks where other devices can reach your machine unless you firewall it or modify it to bind to localhost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
`fetch_url` performs an unrestricted GET to any caller-supplied URL and automatically attaches the configured ComfyUI API key or Basic Auth credentials. In the context of a ComfyUI-specific connector, this broadens the trust boundary into a generic authenticated fetch primitive and can enable SSRF, internal network access, or credential leakage to attacker-controlled hosts if untrusted input reaches this function.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The server exposes a state-changing delete action over HTTP without any authentication, authorization, or CSRF protection. Because it binds to 0.0.0.0, anything that can reach the port can trigger deletion of generated files, and even a local browser visit to a malicious page could potentially induce deletion requests against the service.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill documents saved server profiles with fields for `api_key`, `username`, and `password`, but does not prominently warn that these credentials may be stored locally in `~/.config/openclaw/comfyui-runner.json`. This creates a real risk of credential exposure through local compromise, accidental backup/sync leakage, permissive file permissions, or inadvertent sharing of the config file.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill description explains that workflows are submitted to ComfyUI and that all outputs are downloaded, but it does not provide a clear privacy warning about sending user-supplied workflow JSON to a possibly remote server and persisting generated images locally. Users may unknowingly transmit sensitive prompts, embedded metadata, model references, or personal content to third-party infrastructure and then leave artifacts on disk.

Missing User Warnings

Medium
Confidence: 95%
Finding
`save_profile` persists API keys and raw usernames/passwords to a JSON file in the user's home directory, with no file-permission hardening, encryption, or warning. This creates a durable local secret store that may be readable by other local processes or exposed via backups, logs, or accidental disclosure.

VirusTotal

67/67 vendors flagged this skill as clean.
