๐Ÿ“ Video Outpainting โ€” Pro Pack on RunComfy

Pass. Audited by ClawScan on May 14, 2026.

Overview

This appears to be a legitimate RunComfy video outpainting helper, but it requires installing/using the RunComfy CLI, signing in, and sending chosen video URLs and prompts to RunComfy.

Before installing, confirm you trust the RunComfy CLI package and are comfortable signing in with a RunComfy token. Only submit video URLs and prompts that you are allowed to process through RunComfy, and monitor account usage or billing when running model jobs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the command may create RunComfy jobs, use account quota or billing, and write generated files to the selected output directory.

Why it was flagged

The skill directs the agent/user to invoke an external CLI that starts a cloud model job and writes outputs locally. This is central to the stated video outpainting purpose.

Skill content

runcomfy run wan-ai/wan-2-7/edit-video ... --input '{"video_url": "...", "prompt": "...extend canvas..."}' ... --output-dir ./out

Recommendation

Only run jobs with video URLs and prompts you intend to process, and check the output directory before overwriting or sharing results.

What this means

The CLI can use the signed-in RunComfy account or token to submit jobs, which may consume quota or incur costs depending on the account.

Why it was flagged

The skill requires RunComfy authentication so the CLI can act in the user's RunComfy account. This is expected for a cloud model service.

Skill content

runcomfy login              # or in CI: export RUNCOMFY_TOKEN=<token>

Recommendation

Use a token appropriate for this service, avoid sharing it, and revoke or rotate it if no longer needed.

What this means

Installing or invoking the npm package runs software from the package source on the user's machine.

Why it was flagged

The setup relies on an external npm-distributed CLI rather than bundled reviewed code. This is normal for a CLI integration but creates ordinary package provenance risk.

Skill content

npm i -g @runcomfy/cli      # or:  npx -y @runcomfy/cli --version

Recommendation

Install the CLI from the official RunComfy documentation or verified npm package, and keep it updated through trusted channels.

What this means

Any media URL or prompt provided may be processed by RunComfy, so private or sensitive video content could leave the user's local environment.

Why it was flagged

The model invocation sends a video URL and prompt to the RunComfy service. This provider data flow is disclosed and matches the skill purpose.

Skill content

--input '{"video_url": "https://your-cdn.example/vertical-clip.mp4", "prompt": "Extend the canvas to 16:9 horizontal ..."}'

Recommendation

Use only media you are allowed to send to RunComfy, and review RunComfy's privacy, retention, and billing terms for sensitive projects.