Comfy Cli

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ComfyUI management helper, but it can install code, change local ComfyUI state, download files, and store provider tokens.

Install this only if you intend to let the agent manage a local ComfyUI setup. Review commands before running updates, uninstall/remove, restore, publish, or dependency-repair operations; keep snapshots or backups for important workspaces. Use least-privilege provider tokens, avoid untrusted model URLs and custom nodes, and disable tracking if you do not want CLI analytics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill advertises destructive state-changing commands such as node uninstall, update, disable/enable, snapshot restore, dependency restore, and model removal without any nearby warning that these actions can overwrite local configuration, change dependency graphs, or delete assets. In a tool specifically used to manage local ComfyUI environments, omission of safety guidance increases the chance of accidental data loss or environment breakage, especially when an agent may surface these commands directly to users.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill documents network-capable actions including model downloads from external URLs, use of CivitAI/Hugging Face tokens, analytics tracking, and feedback submission, but it does not warn users that data, identifiers, tokens, or workflow-related metadata may be transmitted to third parties. In an agent skill, this is risky because users may invoke commands without realizing they trigger outbound network access or disclose sensitive credentials/configuration.

VirusTotal

64/64 vendors flagged this skill as clean.
