ComfyUI Automation

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ComfyUI helper, but it can lead an agent to install unvetted custom node code without clear confirmation or safety boundaries.

Install only if you are comfortable with the agent cloning repositories, installing Python packages, and downloading model files into your ComfyUI workspace. Confirm each custom node repository and model URL yourself, prefer trusted sources and pinned commits, and avoid automatic installation of unknown custom nodes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The skill directs the agent to locate arbitrary custom node repositories, clone them into ComfyUI, and install their Python dependencies. That effectively expands the skill from workflow automation into execution of untrusted third-party code, which can lead to arbitrary code execution, credential access, filesystem modification, or persistence if a malicious or compromised repository is installed.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The instructions tell the agent to clone third-party custom node repositories and install their requirements without any explicit warning that this executes untrusted code. In this skill context, ComfyUI custom nodes are Python extensions with broad local execution capability, so omitting the warning makes unsafe installation more likely and increases the chance of supply-chain compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal