๐จ AI Image Generation โ Pro Pack on RunComfy
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who follows the setup instructions will run a third-party CLI package on their machine.
The skill documents installing or executing the external RunComfy CLI package from npm, without a pinned version in the provided artifact.
npm i -g @runcomfy/cli ... npx -y @runcomfy/cli --version
Install the CLI from the official RunComfy documentation, verify the package name, and keep it updated from a trusted source.
The agent can submit RunComfy jobs using the user's account and may consume credits or quota.
The skill requires RunComfy authentication, either via interactive login or a token. This is expected for using the provider but is still account-level authority.
runcomfy login ... export RUNCOMFY_TOKEN=<token-from-runcomfy.com/profile>
Use a scoped or revocable RunComfy token where available, and review generation requests before running costly or sensitive jobs.
Prompts and generation inputs are sent to RunComfy, and output files are written locally.
The core workflow invokes the local RunComfy CLI with user-provided prompt input and writes generated outputs to a local directory. This matches the skill purpose.
runcomfy run <vendor>/<model>/<endpoint> --input '{"prompt": "..."}' --output-dir ./outAvoid submitting private or sensitive prompts/images unless you are comfortable with RunComfy processing them, and choose an output directory intentionally.