ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ComfyUI

Run local ComfyUI workflows via the HTTP API. Use when the user asks to run ComfyUI, execute a workflow by file path/name, or supply raw API-format JSON; supports the default workflow bundled in assets.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2.4k · 20 current installs · 24 all-time installs
by@kelvincai522
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, the run script, the download script, and the workflow assets all align with 'run ComfyUI workflows locally'. Required binary (python3) and references to a local ComfyUI install are appropriate for the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read and edit workflow JSON (assets or user-supplied) and to run the bundled runner and downloader. This requires reading/writing files under the skill assets and interacting with the user's ~/ComfyUI install and its API on localhost — which is expected — but users should be aware the agent will make filesystem changes (write tmp workflow JSON) and may start/expect the ComfyUI server.
Install Mechanism
The skill is instruction-only (no global install spec), but the download_weights script can auto-download the pget binary from GitHub releases (https://github.com/replicate/pget/releases/latest/download) into ~/.local/bin and will write model files into ~/ComfyUI/models/<subfolder> as requested by the user. Using GitHub releases is a reasonable source, but it does download and write an executable to the user's home directory which the user may wish to review.
Credentials
The skill declares no environment variables or credentials. Scripts only use local paths (~/ComfyUI, ~/.local/bin) and network access when explicitly asked to download model weights or to call remote URLs provided by the user. No unrelated secrets are requested.
Persistence & Privilege
always:false and no modifications to other skills are requested. The only persistent changes possible are creating ~/.local/bin/pget (when downloading pget) and writing model files under the user's ComfyUI models directory — both are scoped to the user's home and are consistent with the skill's purpose.
Assessment
This skill appears coherent for running ComfyUI locally, but review these points before installing or running it: - File writes: the downloader will write model files into ~/ComfyUI/models/<subfolder> and may create ~/.local/bin/pget (an executable downloaded from GitHub releases). If you run downloads, only provide trusted model URLs and consider running the downloader interactively so you can review what it will fetch. - Executable install: pget will be downloaded to your home directory and made executable. If you prefer, install pget yourself or run the downloader with --no-pget to avoid automatic installation. - Local server access: the run script communicates with a ComfyUI server expected at 127.0.0.1:8188. Make sure that server is a trusted local ComfyUI instance. The skill does not contact external APIs except for downloading files you explicitly provide. - Workflow edits: the agent is instructed to modify workflow JSON (prompts, seeds, etc.) before running. Inspect any edited workflow (tmp file in the skill assets) if you have content-policy concerns — e.g., the bundled tmp-workflow contains an explicit sexual prompt. If you are comfortable with the above (downloading model weights only from sources you trust and allowing the skill to write into your ComfyUI install), this skill is proportionate to its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk974pxc65dsn3rqjc6kn4xt7tx80jeb7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🖼️ Clawdis
Binspython3

SKILL.md

ComfyUI Runner

Overview

Run ComfyUI workflows on the local server (default 127.0.0.1:8188) using API-format JSON and return output images.

Editing the workflow before running

The run script only takes --workflow <path>. You must inspect and edit the workflow JSON before running, using your best knowledge of the ComfyUI API format. Do not assume fixed node IDs, class_type names, or _meta.title values — the user may have updated the default workflow or supplied a custom one.

For every run (including the default workflow):

  1. Read the workflow JSON (default: skills/comfyui/assets/default-workflow.json, or the path/file the user gave).
  2. Identify prompt-related nodes by inspecting the graph: look for nodes that hold the main text prompt — e.g. PrimitiveStringMultiline, CLIPTextEncode (positive text), or any node with _meta.title or class_type suggesting "Prompt" / "positive" / "text". Update the corresponding input (e.g. inputs.value, or the text input to the encoder) to the image prompt you derived from the user (subject, style, lighting, quality). If the user didn’t ask for a custom image, you can leave the existing prompt or tweak only if needed.
  3. Optionally identify style/prefix nodes — e.g. StringConcatenate, or a second string input that acts as style. Set them if the user asked for a specific style or to clear a default prefix.
  4. Optionally set a new seed — find sampler-like nodes (e.g. KSampler, BasicGuider, or any node with a seed input) and set seed to a new random integer so each run can differ.
  5. Write the modified workflow to a temp file (e.g. skills/comfyui/assets/tmp-workflow.json). Use ~/ComfyUI/venv/bin/python for any inline Python; do not use bare python.
  6. Run: comfyui_run.py --workflow <path-to-edited-json>.

If the workflow structure is unclear or you can’t find prompt/sampler nodes, run the file as-is and only change what you can reliably identify. Same approach for arbitrary user-supplied JSON: inspect first, edit at your best knowledge, then run.

Run script (single responsibility)

~/ComfyUI/venv/bin/python skills/comfyui/scripts/comfyui_run.py \
  --workflow <path-to-workflow.json>

The script only queues the workflow and polls until done. It prints JSON with prompt_id and output images. All prompt/style/seed changes are done by you in the JSON beforehand.

If the server isn’t reachable

If the run script fails with a connection error (e.g. connection refused or timeout to 127.0.0.1:8188), ComfyUI may not be installed or not running.

Check: Does ~/ComfyUI exist and contain main.py?

  • If not installed: Install ComfyUI (e.g. clone the repo, create a venv, install dependencies, then start the server). Example:

    git clone https://github.com/comfyanonymous/ComfyUI.git ~/ComfyUI
cd ~/ComfyUI
python3 -m venv venv
~/ComfyUI/venv/bin/pip install -r requirements.txt

    Then start the server (see below). Tell the user they may need to install model weights into ~/ComfyUI/models/ depending on the workflow.

  • If installed but not running: Start the ComfyUI server so the API is available on port 8188. Example:

    ~/ComfyUI/venv/bin/python ~/ComfyUI/main.py --listen 127.0.0.1

    Run in the background or in a separate terminal so it keeps running. Then retry the workflow run.

Use ~ (or the user’s home) for paths so it works on their machine.

Model weights from URLs

When the user pastes or sends a list of model weight URLs (one per line, or comma-separated), download those files into the ComfyUI installation so the workflow can use them later.

  1. Normalize the list — one URL per line; strip empty lines and comments (lines starting with #).
  2. Run the download script with the ComfyUI base path (default ~/ComfyUI). The script uses pget for parallel downloads when available; if pget is not in PATH, it installs it to ~/.local/bin automatically (no sudo). If pget cannot be installed (e.g. unsupported OS/arch), it falls back to a built-in download. Use the ComfyUI venv Python so the script runs correctly: 
    ~/ComfyUI/venv/bin/python skills/comfyui/scripts/download_weights.py --base ~/ComfyUI
    Pass URLs as arguments, or pipe a file/list on stdin: 
    echo "https://example.com/model.safetensors" | ~/ComfyUI/venv/bin/python skills/comfyui/scripts/download_weights.py --base ~/ComfyUI
    Or save the user’s list to a temp file and run: 
    ~/ComfyUI/venv/bin/python skills/comfyui/scripts/download_weights.py --base ~/ComfyUI < /tmp/weight_urls.txt
    To force the built-in download (no pget): add --no-pget.
  3. Subfolder: The script infers the ComfyUI models subfolder from the URL/filename (e.g. vae, clip, loras, checkpoints, text_encoders, controlnet, upscale_models). The user can optionally specify a subfolder per line as url subfolder (e.g. https://.../model.safetensors vae). You can also pass a default with --subfolder loras so all URLs in that run go to models/loras/.
  4. Existing files: By default the script skips URLs that already exist on disk; use --overwrite to replace.
  5. Paths: Files are written under ~/ComfyUI/models/<subfolder>/. Tell the user where each file was saved and that they can run the workflow once the ComfyUI server is (re)started if needed.

Supported subfolders (under ComfyUI/models/): checkpoints, clip, clip_vision, controlnet, diffusion_models, embeddings, loras, text_encoders, unet, vae, vae_approx, upscale_models, and others. Use --subfolder <name> when the auto-inference is wrong.

After run

Outputs are saved under ComfyUI/output/. Use the images list from the script output to locate the files (filename + subfolder).

⚠️ Always send the output to the user

After a successful ComfyUI run, you must deliver the generated image(s) to the user. Do not reply with only the filename in text or with NO_REPLY.

  1. Parse the script output JSON for images (each has filename, subfolder, type).
  2. Build the full path: ComfyUI/output/ + subfolder + filename (e.g. ComfyUI/output/z-image_00007_.png).
  3. Send the image to the user via the channel they're on (e.g. use the message/send tool with the image path so the user receives the file). Include a short caption if helpful (e.g. "Here you go." or "Tokyo street scene.").

Every successful run must result in the user receiving the image. Never leave them with only a filename or no delivery.

Resources

scripts/

  • comfyui_run.py: Queue a workflow, poll until completion, print prompt_id and images. No args — you edit the JSON before running.
  • download_weights.py: Download model weight URLs into ~/ComfyUI/models/<subfolder>/. Uses pget when available (installs to ~/.local/bin if missing); fallback to built-in download. Input: URLs as args or one per line on stdin. Options: --base, --subfolder, --overwrite, --no-pget. Infers subfolder from URL/filename when not given.

assets/

  • default-workflow.json: Default workflow. Copy and edit (prompt, style, seed) then run with the edited path; or run as-is for a generic run.

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…