🎭 Face Swap — Pro Pack on RunComfy

Pass

Audited by ClawScan on May 13, 2026.

Overview

This is a coherent RunComfy face-swap skill, but it uses a cloud CLI with a RunComfy token and identity media, so users should confirm consent, privacy, and install provenance before running it.

Install only the official RunComfy CLI, protect your RUNCOMFY_TOKEN, and run this skill only with media and identities you have rights to use. Confirm the model route and inputs before execution, and label or disclose synthetic media when required.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A run may send selected identity/source media references to RunComfy and create synthetic output, potentially consuming account credits.

Why it was flagged

The skill directs the agent/user to invoke external RunComfy model endpoints with user-supplied media references and write outputs locally.

Skill content

runcomfy run <vendor>/<model>/<endpoint> \
  --input '{"image_url": "...", "identity_url": "..."}' \
  --output-dir ./out

Recommendation

Confirm the selected model, input media, output directory, and expected costs before each run.

What this means

Anyone or any agent process using this credential can make RunComfy API calls under the user's account.

Why it was flagged

The skill requires a RunComfy credential and local CLI configuration to access the provider account.

Skill content

Required env vars: RUNCOMFY_TOKEN
Required config paths: ~/.config/runcomfy

Recommendation

Use a dedicated or scoped token if available, keep RUNCOMFY_TOKEN private, and revoke it if no longer needed.

What this means

Installing or running an external CLI can execute code from the package source on the user's machine.

Why it was flagged

The instruction-only skill depends on an external npm-distributed CLI rather than bundled reviewed code.

Skill content

npm i -g @runcomfy/cli      # or:  npx -y @runcomfy/cli --version

Recommendation

Install the CLI from official RunComfy documentation, consider pinning a known version, and avoid running npm/npx commands from untrusted contexts.

What this means

Identity media or media URLs may be processed by RunComfy rather than staying entirely local.

Why it was flagged

The workflow depends on a cloud provider CLI/API for processing face, identity, image, and video data.

Skill content

this RunComfy face swap skill substitutes a face or character into video or still images via the `runcomfy` CLI

Recommendation

Review RunComfy's privacy and retention terms and only provide media you are authorized to upload or reference.

What this means

Misuse could create misleading or non-consensual synthetic media, even though the skill warns against it.

Why it was flagged

The artifact acknowledges that face swapping can be misused and instructs users to confirm rights and refuse harmful requests.

Skill content

**Face-swap is dual-use.** Before invoking any route in this skill, confirm:

- You have rights to the target face

Recommendation

Use only with consent and rights to the media and identity, and disclose synthetic media where required.