Back to skill

Security audit

Comfy Cli

Security checks across malware telemetry and agentic risk

Overview

This skill describes powerful but expected ComfyUI management commands, with no evidence of hidden or malicious behavior.

Install only if you are comfortable letting the agent help change a ComfyUI environment. Prefer localhost over 0.0.0.0, back up important workflows before update/remove operations, install custom nodes and models only from trusted sources, and avoid putting API tokens directly in commands or shared logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill prominently documents install, update, uninstall, and remove commands that modify local environments, dependencies, custom nodes, and models, but it does not warn users that these operations can be destructive or alter existing setups. In a tool specifically designed to manage ComfyUI instances, omission of such warnings increases the chance of accidental breakage, data loss, or irreversible environment changes by users or downstream agents.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation encourages downloading models from third-party URLs and supplying CivitAI/Hugging Face tokens, but it provides no privacy or trust warning about external content, token handling, or provenance risks. This can lead users to fetch untrusted artifacts or expose sensitive access tokens in shell history, logs, or shared environments.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documents background server launch and binding ComfyUI to `0.0.0.0` without warning that this exposes the service on all network interfaces. In the context of a workflow server that may have file, model, or execution capabilities, users may unintentionally make a local development instance reachable by other devices on the network or beyond if further exposed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.