ComfyUI Automation
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing third-party code can change the local workspace and run code when ComfyUI or its dependencies are used.
The skill instructs installing ComfyUI and Python dependencies from external sources. This is central to the skill's purpose, but users should trust and review those sources.
`git clone https://github.com/comfyanonymous/ComfyUI.git` ... `pip install -r requirements.txt`
Use trusted repositories, prefer pinned versions where possible, keep the virtual environment isolated, and review custom nodes before installing them.
A workflow that requires custom nodes may lead to installing additional third-party Python code in the ComfyUI environment.
Custom node installation is expected for ComfyUI workflows, but the repository is not specified or pinned, so the actual installed code is outside the reviewed artifacts.
locate the corresponding Custom Node repository, clone it into `ComfyUI/custom_nodes/`, and `pip install -r requirements.txt` inside its folder
Confirm the custom node repository with the user, inspect its source and requirements, and avoid installing unknown custom nodes automatically.
