Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

image

v1.0.0

Run local ComfyUI workflows via the HTTP API. Use when the user asks to run ComfyUI, execute a workflow by file path/name, or supply raw API-format JSON; sup...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kirkraman/kirk-image.

Install the skill "image" (kirkraman/kirk-image) from ClawHub.
Skill page: https://clawhub.ai/kirkraman/kirk-image
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install kirkraman/kirk-image

ClawHub CLI

npx clawhub@latest install kirk-image

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign, high confidence

Purpose & Capability
The skill's declared purpose (run ComfyUI workflows) matches the included scripts and instructions: comfyui_run.py queues workflows to a local ComfyUI server and download_weights.py fetches model files into ~/ComfyUI/models/. Minor metadata mismatch: the top-level Requirements section shows no required binaries while SKILL.md metadata lists python3; the scripts do expect a ComfyUI venv Python (~/ComfyUI/venv/bin/python).
Instruction Scope
SKILL.md instructs the agent to read and edit workflow JSON (prompts, style, seeds), write a temp workflow, and run the provided script which posts to localhost:8188. It also instructs how to install/run ComfyUI if missing and how to download model weights from arbitrary URLs. Those actions touch the user's home (~/ComfyUI, ~/.local/bin) and write files there — this is expected for the skill's goal but is broader file-system activity than a pure 'in-memory' skill.
Install Mechanism
There is no explicit install spec in the registry (instruction-only), but runtime behavior includes downloading binaries: download_weights.py will attempt to fetch a pget release binary from GitHub releases into ~/.local/bin if pget is not present. Downloading executables and user-supplied model files at runtime is expected for this use-case, but it increases risk compared to an instruction-only skill that performs no downloads.
Credentials
The skill requests no credentials or environment variables. It uses conventional paths under the user's home (~/ComfyUI, ~/.local/bin) and does not attempt to read unrelated system credentials or config. The file writes and downloads are proportional to the stated purpose of installing/adding model weights.
Persistence & Privilege
always:false and the skill does not request elevated privileges or modify other skills. It will create files/directories under the user's home (models, temp workflow) and may install pget into ~/.local/bin and write model weights to ~/ComfyUI/models/. This persistent disk activity is expected but worth noting before install.
Assessment
This skill appears to do what it says: edit ComfyUI workflow JSON, queue runs against a local ComfyUI server, and download model weights to ~/ComfyUI/models/. Before installing or using it, review and confirm: (1) You have or want a local ComfyUI install at ~/ComfyUI (the skill writes into that folder). (2) The agent will write tmp-workflow.json and may modify workflows — always inspect workflow JSON before running (SKILL.md stresses this). (3) The download script will fetch arbitrary URLs you provide and may install a pget binary from GitHub into ~/.local/bin — only supply trusted download URLs and verify the pget source if you are concerned. (4) The skill does not request credentials, but it will perform network downloads and write executables and model files to your home directory. If you want to reduce risk, run the scripts manually in a controlled environment (inspect the code, run in a VM or container, or avoid automatic pget installation). Note: SKILL.md metadata and top-level manifest slightly disagree about required binaries (python3 vs none); ensure you run the scripts with the ComfyUI venv Python as documented.

Like a lobster shell, security has layers — review code before you run it.

58 downloads · 0 stars · 1 version · Updated 1w ago · v1.0.0 · MIT-0

ComfyUI Runner

Overview

Run ComfyUI workflows on the local server (default 127.0.0.1:8188) using API-format JSON and return output images.

Editing the workflow before running

The run script only takes --workflow <path>. You must inspect and edit the workflow JSON before running, using your best knowledge of the ComfyUI API format. Do not assume fixed node IDs, class_type names, or _meta.title values — the user may have updated the default workflow or supplied a custom one.

For every run (including the default workflow):

  1. Read the workflow JSON (default: skills/comfyui/assets/default-workflow.json, or the path/file the user gave).
  2. Identify prompt-related nodes by inspecting the graph: look for nodes that hold the main text prompt — e.g. PrimitiveStringMultiline, CLIPTextEncode (positive text), or any node with _meta.title or class_type suggesting "Prompt" / "positive" / "text". Update the corresponding input (e.g. inputs.value, or the text input to the encoder) to the image prompt you derived from the user (subject, style, lighting, quality). If the user didn't ask for a custom image, you can leave the existing prompt or tweak only if needed.
  3. Optionally identify style/prefix nodes — e.g. StringConcatenate, or a second string input that acts as style. Set them if the user asked for a specific style or to clear a default prefix.
  4. Optionally set a new seed — find sampler-like nodes (e.g. KSampler, BasicGuider, or any node with a seed input) and set seed to a new random integer so each run can differ.
  5. Write the modified workflow to a temp file (e.g. skills/comfyui/assets/tmp-workflow.json). Use ~/ComfyUI/venv/bin/python for any inline Python; do not use bare python.
  6. Run: comfyui_run.py --workflow <path-to-edited-json>.

If the workflow structure is unclear or you can't find prompt/sampler nodes, run the file as-is and only change what you can reliably identify. Take the same approach for arbitrary user-supplied JSON: inspect first, edit to the best of your knowledge, then run.
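The edit steps above, sketched as an added example (not part of the skill's own scripts). The sample workflow is constructed, the label hints are a heuristic assumption, and `find_prompt_inputs` / `edit_workflow` are hypothetical names; the function returns the list of changed inputs so the edit can be reviewed before the file is queued.

```python
import json
import secrets

# Constructed sample in ComfyUI API format: node id -> class_type / inputs / _meta.
SAMPLE = {
    "3": {"class_type": "KSampler",
          "inputs": {"seed": 1, "positive": ["6", 0], "negative": ["7", 0]}},
    "6": {"class_type": "CLIPTextEncode", "_meta": {"title": "Positive Prompt"},
          "inputs": {"text": ["12", 0], "clip": ["4", 1]}},
    "7": {"class_type": "CLIPTextEncode", "_meta": {"title": "Negative Prompt"},
          "inputs": {"text": "blurry", "clip": ["4", 1]}},
    "12": {"class_type": "PrimitiveStringMultiline", "_meta": {"title": "Prompt"},
           "inputs": {"value": "a cat"}},
}
HINTS = ("prompt", "positive", "text", "multiline")  # heuristic, not a ComfyUI rule


def find_prompt_inputs(workflow):
    """Return (node_id, key) pairs that hold a literal main-prompt string."""
    hits = []
    for node_id, node in workflow.items():
        label = f'{node.get("class_type", "")} {node.get("_meta", {}).get("title", "")}'.lower()
        if "negative" in label or not any(h in label for h in HINTS):
            continue
        for key in ("text", "value"):
            # A list value is a link to another node's output, not editable text.
            if isinstance(node.get("inputs", {}).get(key), str):
                hits.append((node_id, key))
    return hits


def edit_workflow(workflow, prompt, seed=None):
    """Return (edited copy, list of changed inputs); the original is untouched."""
    edited = json.loads(json.dumps(workflow))
    seed = secrets.randbelow(2**32) if seed is None else seed
    changes = []
    for node_id, key in find_prompt_inputs(edited):
        edited[node_id]["inputs"][key] = prompt
        changes.append(f"{node_id}.{key}")
    for node_id, node in edited.items():
        if isinstance(node.get("inputs", {}).get("seed"), int):
            node["inputs"]["seed"] = seed
            changes.append(f"{node_id}.seed")
    return edited, changes


if __name__ == "__main__":
    edited, changes = edit_workflow(SAMPLE, "tokyo street at night, neon, rain")
    with open("tmp-workflow.json", "w") as fh:
        json.dump(edited, fh, indent=2)
    print("changed:", changes)  # review this list before running comfyui_run.py
```

An empty change list means no prompt or seed input was reliably identified, which is the case where the text above says to run the file as-is.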

Run script (single responsibility)

~/ComfyUI/venv/bin/python skills/comfyui/scripts/comfyui_run.py \
  --workflow <path-to-workflow.json>

The script only queues the workflow and polls until done. It prints JSON with prompt_id and output images. All prompt/style/seed changes are done by you in the JSON beforehand.

If the server isn't reachable

If the run script fails with a connection error (e.g. connection refused or timeout to 127.0.0.1:8188), ComfyUI may not be installed or may not be running.

Check: Does ~/ComfyUI exist and contain main.py?

  • If not installed: Install ComfyUI (e.g. clone the repo, create a venv, install dependencies, then start the server). Example:

    git clone https://github.com/comfyanonymous/ComfyUI.git ~/ComfyUI
    cd ~/ComfyUI
    python3 -m venv venv
    ~/ComfyUI/venv/bin/pip install -r requirements.txt
    

    Then start the server (see below). Tell the user they may need to install model weights into ~/ComfyUI/models/ depending on the workflow.

  • If installed but not running: Start the ComfyUI server so the API is available on port 8188. Example:

    ~/ComfyUI/venv/bin/python ~/ComfyUI/main.py --listen 127.0.0.1
    

    Run in the background or in a separate terminal so it keeps running. Then retry the workflow run.

Use ~ (or the user's home) for paths so it works on their machine.

Model weights from URLs

When the user pastes or sends a list of model weight URLs (one per line, or comma-separated), download those files into the ComfyUI installation so the workflow can use them later.

  1. Normalize the list — one URL per line; strip empty lines and comments (lines starting with #).
  2. Run the download script with the ComfyUI base path (default ~/ComfyUI). The script uses pget for parallel downloads when available; if pget is not in PATH, it installs it to ~/.local/bin automatically (no sudo). If pget cannot be installed (e.g. unsupported OS/arch), it falls back to a built-in download. Use the ComfyUI venv Python so the script runs correctly:
    ~/ComfyUI/venv/bin/python skills/comfyui/scripts/download_weights.py --base ~/ComfyUI
    
    Pass URLs as arguments, or pipe a file/list on stdin:
    echo "https://example.com/model.safetensors" | ~/ComfyUI/venv/bin/python skills/comfyui/scripts/download_weights.py --base ~/ComfyUI
    
    Or save the user's list to a temp file and run:
    ~/ComfyUI/venv/bin/python skills/comfyui/scripts/download_weights.py --base ~/ComfyUI < /tmp/weight_urls.txt
    
    To force the built-in download (no pget): add --no-pget.
  3. Subfolder: The script infers the ComfyUI models subfolder from the URL/filename (e.g. vae, clip, loras, checkpoints, text_encoders, controlnet, upscale_models). The user can optionally specify a subfolder per line as url subfolder (e.g. https://.../model.safetensors vae). You can also pass a default with --subfolder loras so all URLs in that run go to models/loras/.
  4. Existing files: By default the script skips URLs that already exist on disk; use --overwrite to replace.
  5. Paths: Files are written under ~/ComfyUI/models/<subfolder>/. Tell the user where each file was saved and that they can run the workflow once the ComfyUI server is (re)started if needed.

Supported subfolders (under ComfyUI/models/): checkpoints, clip, clip_vision, controlnet, diffusion_models, embeddings, loras, text_encoders, unet, vae, vae_approx, upscale_models, and others. Use --subfolder <name> when the auto-inference is wrong.
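A pre-filter for the pasted list, applied before anything is handed to download_weights.py (an added example, not the skill's code). The host allowlist is hypothetical, and limiting subfolders to the names listed above is an assumption that is stricter than the script, which accepts others.

```python
import sys
from urllib.parse import urlsplit

# Subfolders named in this document; the script is said to accept others too.
SUBFOLDERS = {"checkpoints", "clip", "clip_vision", "controlnet", "diffusion_models",
              "embeddings", "loras", "text_encoders", "unet", "vae", "vae_approx",
              "upscale_models"}
TRUSTED_HOSTS = {"huggingface.co"}  # hypothetical allowlist; replace with your own

# Constructed sample of a pasted list.
SAMPLE = """# weights for the default workflow
https://huggingface.co/org/repo/resolve/main/ae.safetensors vae
http://huggingface.co/org/repo/resolve/main/a.safetensors, https://cdn.example.net/b.safetensors
https://huggingface.co/org/repo/resolve/main/lora.safetensors plugins
"""


def vet_weight_list(text, trusted_hosts=TRUSTED_HOSTS):
    """Return (accepted "url [subfolder]" lines, rejected (entry, reason) pairs)."""
    accepted, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for entry in filter(None, (e.strip() for e in line.split(","))):
            fields = entry.split(None, 1)
            url, subfolder = fields[0], (fields[1].strip() if len(fields) > 1 else "")
            try:
                parts = urlsplit(url)
            except ValueError:
                rejected.append((entry, "malformed URL"))
                continue
            name = parts.path.rsplit("/", 1)[-1]
            if parts.scheme != "https":
                rejected.append((entry, "not https"))
            elif parts.hostname not in trusted_hosts:  # hostname ignores any user@ part
                rejected.append((entry, "untrusted host"))
            elif not name or name in (".", ".."):
                rejected.append((entry, "no filename"))
            elif subfolder and subfolder not in SUBFOLDERS:
                rejected.append((entry, "unknown subfolder"))
            else:
                accepted.append(f"{url} {subfolder}".strip())
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = vet_weight_list(SAMPLE)
    for entry, reason in bad:
        print(f"rejected ({reason}): {entry}", file=sys.stderr)
    print("\n".join(ok))  # pipe only these lines into download_weights.py
```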

After run

Outputs are saved under ComfyUI/output/. Use the images list from the script output to locate the files (filename + subfolder).

Always send the output to the user

After a successful ComfyUI run, you must deliver the generated image(s) to the user. Do not reply with only the filename in text or with NO_REPLY.

  1. Parse the script output JSON for images (each has filename, subfolder, type).
  2. Build the full path: ComfyUI/output/ + subfolder + filename (e.g. ComfyUI/output/z-image_00007_.png).
  3. Send the image to the user via the channel they're on (e.g. use the message/send tool with the image path so the user receives the file). Include a short caption if helpful (e.g. "Here you go." or "Tokyo street scene.").

Every successful run must result in the user receiving the image. Never leave them with only a filename or no delivery.

Resources

scripts/

  • comfyui_run.py: Queue a workflow, poll until completion, print prompt_id and images. Takes only --workflow <path>; there are no prompt, style, or seed arguments, so you edit the JSON before running.
  • download_weights.py: Download model weight URLs into ~/ComfyUI/models/<subfolder>/. Uses pget when available (installs to ~/.local/bin if missing); fallback to built-in download. Input: URLs as args or one per line on stdin. Options: --base, --subfolder, --overwrite, --no-pget. Infers subfolder from URL/filename when not given.

assets/

  • default-workflow.json: Default workflow. Copy and edit (prompt, style, seed) then run with the edited path; or run as-is for a generic run.
