Skill v1.5.0

VirusTotal security

ComfyUI ImageGen (Flux2) · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 28, 2026, 8:23 AM

Hash: 1672a558db0dc2f73efc1d9c1d2b4acda83bbb63f3e6077b3c75b94b2343554a
Source: palm
Verdict: suspicious

Code Insight
Type: OpenClaw Skill
Name: comfyui-imagegen
Version: 1.5.0

The `scripts/generate.py` script contains vulnerabilities that could be exploited if the OpenClaw agent is compromised via prompt injection. Specifically, the `--host` argument allows specifying an arbitrary network target, enabling Server-Side Request Forgery (SSRF) against internal or external hosts. Additionally, the `--output` argument allows writing files to arbitrary paths on the system. While the skill's stated purpose is benign (image generation), these capabilities, combined with the `sessions_spawn` command in `SKILL.md` which executes a shell command, introduce significant security risks without clear malicious intent from the skill developer.