Contextui
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A workflow backend could be reachable by other devices on the local network, and browser pages may be able to call it if the OS firewall allows access.
This is presented as the standard Python backend pattern, but it permits any browser origin and binds the server to all network interfaces instead of localhost.
app.add_middleware(CORSMiddleware, allow_origins=["*"], allow_methods=["*"], allow_headers=["*"]) ... uvicorn.run(app, host="0.0.0.0", port=port)
Change generated backends to bind to 127.0.0.1 by default and restrict CORS to the ContextUI app or localhost origins unless the user explicitly chooses network exposure.
Using this skill may install Python packages and run local backend processes for workflows.
The skill documents local package installation and starting Python backend servers, which is expected for ContextUI workflows but still executes local code and installs dependencies.
Python detection → venv selection → GPU detection → package installation (GPU-aware) → server start/stop → connection polling
Review package lists and backend code before installing dependencies or starting servers, especially for workflows from third parties.
If you provide an API key, the agent may be able to publish, update, comment, like, download, or delete marketplace resources depending on account permissions.
The optional Exchange API key is purpose-aligned for marketplace publishing and downloads, but it lets the agent act as the user's ContextUI Exchange account.
All requests require the key in the Authorization header: Authorization: Bearer ctxk_your_key_here
Only provide the API key when needed, prefer least-privilege or revocable keys if available, and manually approve publishing, deletion, billing, or account-changing actions.
The behavior depends partly on external local ContextUI/MCP files that are not fully represented in the supplied artifact text.
Important helper code for dependency installation and server control is referenced from the local ContextUI installation rather than included in the skill artifacts reviewed here.
Always copy `ui/ServerLauncher/` from `examples/KokoroTTS/ui/ServerLauncher/` ... The source code is maintained in the canonical location. Do not embed copies in documentation
Use a trusted ContextUI installation and review the referenced ServerLauncher/MCP code before relying on it for package installation or server execution.
The agent may be able to see UI contents and perform clicks or typing inside ContextUI during workflow testing.
The MCP tool surface can observe and interact with the ContextUI app window, which is central to testing workflows but can expose visible UI content to the agent.
ui_screenshot — Capture a screenshot of the current workflow or app window ... ui_get_dom — Get the DOM tree structure of the current workflow ... ui_type — Type text into an input field
Avoid displaying sensitive information in ContextUI while the skill is active, and review UI automation actions before allowing them on important workflows.