warn
suspicious.install_untrusted_source
- Location
- config.example.json:6
- Finding
- Install source points to URL shortener or raw IP.
ComfyUI Skill for OpenClaw
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.install_untrusted_source
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
If approved or invoked, the skill can install workflow dependencies and change the local ComfyUI setup.
Why it was flagged
The agent-facing command set includes installing missing ComfyUI custom nodes, which is central to the skill but can modify the user's ComfyUI environment.
Skill content
`comfyui-skill --json deps install <id> --repos '[...]'` | Install missing custom nodes |
Recommendation
Require user confirmation before dependency installation, workflow deletion, or server configuration changes, and prefer reviewing listed repositories before install.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Installing or updating may bring in code not fully represented by the reviewed skill artifacts.
Why it was flagged
The skill relies on an external CLI package and an update path that fetches newer code/assets. This is documented and expected, but it means part of runtime behavior comes from external sources.
Skill content
`pipx install comfyui-skill-cli` ... `pip install comfyui-skill-cli` ... `./update.sh` ... "pulls the latest code, syncs frontend assets, and installs new dependencies."
Recommendation
Install from trusted package/repository locations, consider pinning versions, use pipx or a virtual environment, and review updates before running them.
NoteHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
Configured API keys may authorize paid or private cloud image-generation services through workflows.
Why it was flagged
The skill can store/use API keys for authenticated ComfyUI or cloud-backed nodes. This is purpose-aligned but involves delegated account access.
Skill content
**ComfyUI API Key support** — New API Key field in server settings enables authentication for cloud API nodes such as Kling, Sora, and Nano Banana
Recommendation
Use least-privilege keys where possible, keep config files private, and confirm which server/workflow will use a key before running jobs.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Prompts, workflow parameters, and result metadata may remain on disk after generation.
Why it was flagged
The skill stores run history including prompts/parameters and outputs. This is useful for auditability but may retain sensitive creative prompts or generated content.
Skill content
**Execution history** — Full records of each run including parameters, results, and timing
Recommendation
Avoid putting secrets or private data in prompts, and periodically review or clear history if the machine is shared.
NoteHigh Confidence
ASI10: Rogue AgentsWhat this means
A local management UI process may remain active until stopped.
Why it was flagged
The local Web UI launcher can start a background process. The instruction is disclosed and only for UI launch requests, but it may keep running after the immediate task.
Skill content
This command will: ... "start it in the background if it is not running" ... "try to open the browser to the local dashboard automatically"
Recommendation
Only start the UI when needed, and stop the local process when finished if you do not want it running.