Comfyui-Api
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: comfyui-api
Version: 1.1.0
The skill is classified as suspicious primarily due to the `upload_file` function in `comfyui.py`, which allows reading arbitrary local files (`file_path: str`) and uploading them to the configured ComfyUI server. While this function is a legitimate ComfyUI API call, its presence, combined with the default `server_url` pointing to an external domain (`https://wp08.unicorn.org.cn:40000`, as seen in `skill.json` and `SKILL.md`), creates a significant risk of unintentional data exfiltration if the agent is prompted to upload sensitive local files. The skill itself does not contain explicit instructions for malicious exfiltration, but the capability exists and is exposed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your prompts or image-generation requests could be sent to a remote server you did not explicitly choose.
The skill defines a default external ComfyUI server, while the user-facing documentation emphasizes setting a connection URL. If this default is used, prompts and generated-workflow data may be sent to an unclear third-party endpoint.
"server_url": {
    "type": "string",
    "description": "ComfyUI server URL",
    "default": "https://wp08.unicorn.org.cn:40000"
}
Use only a trusted ComfyUI server URL, preferably your own local/server instance, and the skill publisher should clearly disclose or remove the default external endpoint.
If invoked incorrectly, the skill could read and upload a local file to the configured ComfyUI server.
The code provides a method that reads a caller-supplied local file path for upload to the configured server. This is sensitive because it is not clearly bounded to safe directories or disclosed in SKILL.md's command list.
async def upload_file(self, file_path: str, subfolder: str = "", filename: str = None)
    ...
    """Upload an image file to the server"""
    ...
    with open(file_path, 'rb') as f:
Only allow uploads after explicit user selection and confirmation, restrict paths and file types, and document this capability clearly.
On a shared ComfyUI server, the skill could disrupt queued or running image-generation jobs.
The code can cancel queued work or interrupt the currently executing task on the configured ComfyUI server, but these mutation actions are not part of the documented SKILL.md commands.
async def cancel_queue_task(self, task_id: str = None)
    ...
    session.post(f"{self.server_url}/queue", json=data)
    ...
async def interrupt_current_task(self)
    ...
    session.post(f"{self.server_url}/interrupt")
Require explicit user approval for cancellation/interruption, scope actions to the skill's own submitted prompt IDs, and document these operations.
