Back to skill

Security audit

ComfyUI ImageGen (Flux2)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly generates images through ComfyUI, but its recommended async workflow can automatically send the result to a hard-coded Telegram recipient and delete the local copy.

Review and edit the async example before installing or using it. Remove the hard-coded Telegram send unless that exact recipient is intended, avoid automatic deletion unless you want local copies removed, and keep --host pointed at a trusted ComfyUI server.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documented workflow instructs a spawned sub-agent to send generated files to a hard-coded Telegram target and then delete the local file. That expands the skill from local image generation into autonomous exfiltration and destructive file handling, creating a real risk of data leakage and unintended actions outside the user's immediate control.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest description frames the async watcher as a low-latency polling optimization, but the body documents automatic Telegram delivery as part of the behavior. This mismatch obscures a material side effect, making the skill more dangerous because operators may approve or invoke it believing it only polls ComfyUI locally.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The markdown instructs automatic file deletion as part of the spawned command without warning about the destructive step or limiting deletion to a safely managed temp directory. Even if the example targets a generated file, normalizing silent deletion in automation increases the chance of accidental data loss or abuse if variables or paths are manipulated.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.