Portrait Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent portrait-generation skill, but it relies on an external ComfyDeploy workflow and a bearer API key, so users should know what data and account access they are sharing.
This skill appears safe to install if you intend to use ComfyDeploy for portrait generation. Before using it, confirm you trust the referenced workflow, use a limited API key if possible, and avoid submitting private likeness or identity details you do not want shared with the provider.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may consume ComfyDeploy account quota or costs tied to the provided API key.
The skill tells the agent to use a bearer API key for ComfyDeploy. This is expected for the service, but it grants account authority to queue workflow runs.
"Authorization": "Bearer YOUR_API_KEY"
Use a dedicated or least-privileged ComfyDeploy key if available, verify the endpoint before sharing the key, and monitor account usage.
Portrait prompts may include sensitive likeness or identity details that are shared with the external provider.
The skill sends free-text portrait details and facial/identity attributes to an external ComfyDeploy API. This is purpose-aligned, but the artifact does not describe retention or privacy boundaries.
POST https://api.comfydeploy.com/api/run/deployment/queue ... "brief_text": "", "sex": "auto", "ethnicity": "auto"
Avoid sending private or identifying details unless you are comfortable sharing them with ComfyDeploy and the configured workflow.
The generated output and handling of submitted prompts depend on the remote ComfyDeploy workflow behind that deployment ID.
The functional workflow is a remote deployment identified by ID rather than local reviewed code. That is disclosed and central to the purpose, but users rely on the external workflow’s provenance.
This skill generates AI portraits via the Morfeo Portrait workflow on ComfyDeploy ... DEPLOYMENT ID: 0b82e690-9a08-4d1f-85f8-28849d16caa4
Install only if you trust the publisher and the referenced ComfyDeploy deployment; verify the deployment/account ownership where possible.