v1.0.1

ComfyUI

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:22 AM.

Analysis

The skill mostly matches its ComfyUI purpose, but its model-weight downloader can install and run an unpinned GitHub binary and may write files outside the intended model folder for crafted URLs.

Guidance: Review this skill before installing. Only download model weights from trusted URLs, avoid --overwrite unless you are certain, consider using --no-pget or manually installing a verified pget binary, and stop the local ComfyUI server when finished.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
scripts/download_weights.py
name = unquote(name) if name else "downloaded.safetensors"
out_path = os.path.join(model_dir, name)

The script URL-decodes the filename and joins it to the model directory without rejecting decoded path separators or traversal components, so a crafted URL filename could escape the intended models folder.

User impact: A malicious or malformed model-weight URL could cause the downloader to create files outside the selected ComfyUI model subfolder, and use of --overwrite could replace existing files.
Recommendation: After decoding, sanitize with a basename-only filename policy, reject path separators and '..', normalize the destination with realpath, verify it remains inside the selected models directory, and require explicit confirmation for overwrites.
Agentic Supply Chain Vulnerabilities
Severity: Medium, Confidence: High, Status: Concern
scripts/download_weights.py
PGET_RELEASE = "https://github.com/replicate/pget/releases/latest/download"
...
f.write(resp.read())
os.chmod(pget_path, 0o755)
...
r = subprocess.run(cmd)

If pget is missing, the script downloads the latest external binary at runtime, marks it executable, and later runs it, with no pinned version, checksum, signature verification, or separate user approval in the code.

User impact: Installing or running the downloader could execute an unverified third-party binary from a moving release target on the user's machine.
Recommendation: Make pget installation opt-in, pin a specific release and checksum or signature, prefer a packaged dependency, and default to the built-in downloader when provenance cannot be verified.
Rogue Agents
Severity: Low, Confidence: High, Status: Note
SKILL.md
Run in the background or in a separate terminal so it keeps running. Then retry the workflow run.

The skill may start a local ComfyUI server as a long-running background process; this is disclosed and purpose-aligned, but it persists beyond a single command.

User impact: ComfyUI may continue running locally after the image-generation request is complete, consuming resources and leaving a local service available on the machine.
Recommendation: Tell users when the server is started, bind it to localhost, and provide clear instructions for stopping it when they are done.