comfyui-agent-skill-mie
PassAudited by ClawScan on May 4, 2026.
Overview
The skill is a coherent ComfyUI media-generation CLI, but users should trust the install source and ComfyUI server because it can run local commands, upload selected media, and save outputs or configuration.
Before installing, verify the package source, use only a local or trusted ComfyUI server, avoid unreviewed workflow JSON, and only persist a server URL or choose output directories when you explicitly want that behavior.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run local commands that consume compute resources and create generated media files.
The skill instructs the agent to run a local CLI, which is expected for this purpose, and it also scopes use to reviewed workflows.
Source mode: use `uv run --no-sync python -m comfyui` ... Use registered workflows only. Do not run arbitrary unreviewed ComfyUI workflow JSON.
Use the skill only for requested generation tasks, keep the registered-workflow restriction, and avoid arbitrary workflow JSON unless it has been reviewed.
Installing the package gives the CLI code local execution ability in the user's environment.
The skill recommends installing executable code from an external package source; this is normal for the CLI workflow but should be verified because the registry install spec is empty.
Recommended install (tool-install mode): ```bash pipx install comfyui-agent-skill-mie ```
Install only from the expected package/repository, prefer pinned or reviewed versions where possible, and review package provenance before use.
Private prompts or input images could be exposed to whoever controls the configured ComfyUI endpoint.
Prompts and, for image workflows, selected local images may be sent to the configured ComfyUI server.
Supports image, video, music, and speech generation on a local or trusted self-hosted ComfyUI server (default http://127.0.0.1:8188).
Use only a local or trusted self-hosted ComfyUI server, and do not point the skill at untrusted public endpoints.
A saved server URL could cause later generations to use that same endpoint.
The skill can persist a server URL that affects future runs, but the instructions require explicit user intent and prefer one-off configuration.
Do not create or edit `config.local.json` unless the user explicitly wants a persistent server URL. For one-off runs, use `--server` or `COMFYUI_URL`.
Save a persistent server URL only when you intend future runs to use it; otherwise use the per-command `--server` option.