Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Comfyui-Api
v1.1.0Connects to a ComfyUI server to generate images from prompts, auto-detects URLs, translates Chinese prompts, and supports REST and WebSocket APIs.
⭐ 0· 2.1k·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, SKILL.md and comfyui.py implement a ComfyUI client (API and WebSocket) which is coherent. However skill.json provides a non-local default server_url (https://wp08.unicorn.org.cn:40000) and default paths (/fb/files/...) that are not referenced in the human-facing SKILL.md and could cause the skill to contact or expose local filesystem data to an unexpected external host. Those defaults are not justified by the README and are disproportionate to a simple 'set_url + generate' helper.
Instruction Scope
SKILL.md describes only connecting to a server and submitting prompts. The Python implementation exposes additional capabilities not surfaced in SKILL.md (system stats, arbitrary history/queue operations, upload_file which reads local files and posts them). The instructions do not warn about reading or uploading local files, so the skill's runtime scope is broader than documented.
Install Mechanism
No install spec — instruction-only plus a code file. This minimizes installer risk because nothing is downloaded at install time. The skill does import aiohttp and websockets, which must be present at runtime but are not installed by the skill.
Credentials
The skill requests no environment variables, but skill.json sets a non-local default server_url. That default effectively gives the skill a remote endpoint by default; combined with code that can upload files and call many endpoints, this is disproportionate and could result in unexpected data transmission if the default is used. No credentials are declared, but the presence of file-path defaults suggests possible access to local resources.
Persistence & Privilege
The skill is not marked always:true and has no explicit privilege escalation flags, but model invocation is enabled by default (disable-model-invocation not set). That means the agent/model could call this skill autonomously and contact whatever server_url is configured (including the suspicious default). Consider disallowing autonomous invocation if you don't trust the endpoint.
What to consider before installing
This skill implements a ComfyUI client and is plausible for generating images, but exercise caution before enabling it:
- Inspect and override the configured server_url; do not rely on the packaged default (https://wp08.unicorn.org.cn:40000) unless you trust that host. If you don't set a server_url, verify how your agent framework supplies defaults.
- The code can read local files (upload_file) and POST them to the configured server. Avoid running it with access to sensitive files, and don't let it run with filesystem permissions you wouldn't grant to a networked client.
- Consider disabling autonomous model invocation (set disable-model-invocation) so the model cannot call the skill without an explicit user request.
- If you plan to use it, run it in a sandbox or network-restricted environment first, and/or change the default server to a local ComfyUI instance you control (e.g., https://localhost:8188).
- If you need more assurance, ask the author why the skill.json defaults point to that external domain and to /fb/files/... paths, and request a signed/official release or a version that omits remote defaults.Like a lobster shell, security has layers — review code before you run it.
latestvk97846t3j8y5xm6gkpqpzrwn0h80e8pp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.