ComfyUI

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its ComfyUI purpose, but its model downloader can install and run an unpinned GitHub binary and can be tricked into writing downloads outside the intended models folder.

Install only if you are comfortable with local file writes and helper downloads. Use trusted model URLs, consider running the downloader with --no-pget or a vetted pget binary, and stop the local ComfyUI server when you are done.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or malformed model URL could create files outside ~/ComfyUI/models, and with --overwrite could replace existing writable files.

Why it was flagged

The downloaded filename is URL-decoded and joined to the model directory without rejecting absolute paths, slashes, or '..' segments after decoding.

Skill content

name = unquote(name) if name else "downloaded.safetensors"
out_path = os.path.join(model_dir, name)

Recommendation

Validate decoded filenames, reject path separators and '..', restrict schemes to http/https, and resolve the final path to confirm it stays inside the intended model directory.

What this means

Using the model downloader can execute a newly downloaded third-party binary with the user's local permissions.

Why it was flagged

The script downloads the latest pget binary from GitHub, makes it executable, and runs it without pinning a version or verifying a checksum/signature.

Skill content

PGET_RELEASE = "https://github.com/replicate/pget/releases/latest/download" ... os.chmod(pget_path, 0o755) ... r = subprocess.run(cmd)

Recommendation

Do not auto-install unpinned executables by default; require explicit user approval, pin versions and checksums, or default to the built-in downloader.

Note
High Confidence
ASI10: Rogue Agents

What this means

The local ComfyUI server may keep running and consuming resources after the workflow finishes.

Why it was flagged

The skill asks for a long-running local ComfyUI server process, which is expected for ComfyUI but persists beyond the immediate command.

Skill content

Run in the background or in a separate terminal so it keeps running. Then retry the workflow run.

Recommendation

Tell the user when a background server has been started and how to stop it when finished.