OpenClaw ComfyUI
ReviewAudited by ClawScan on May 10, 2026.
Overview
This ComfyUI skill mostly matches its stated purpose, but it saves server-named downloads without path sanitization, which could let a hostile or compromised ComfyUI host write files outside the intended output folder.
Review or patch the downloader before installing, especially if you will connect to any remote or shared ComfyUI host. Only upload media you intend to share with that host, install from trusted sources, and consider adding filename sanitization and a polling timeout.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad ComfyUI server response could overwrite local files that the agent process can access, potentially including workspace or agent configuration files.
The local output path is built directly from a filename returned by the ComfyUI history response. If the configured ComfyUI host is malicious or compromised, path components or absolute paths in that filename could cause writes outside outputs/comfy.
local = download_file(img["filename"], img["subfolder"], img["type"]) ... file_path = os.path.join(OUTPUT_DIR, filename) with open(file_path, "wb") as f:
Sanitize downloads by using a safe basename, rejecting absolute paths and '..' segments, normalizing the final path, and verifying it remains inside the intended output directory before writing.
Any selected input media may be sent to the configured ComfyUI host and may be visible to whoever operates that host or network.
The skill uploads user-selected files to the configured ComfyUI service over HTTP. This is purpose-aligned, but it is a sensitive data flow when the input image, video, or audio is private.
COMFY_URL = f"http://{COMFY_HOST}:{COMFY_PORT}"
...
res = requests.post(f"{COMFY_URL}/upload/image", files=files)Use only a trusted local or private ComfyUI host, avoid sensitive input files unless intended, and consider a protected network or HTTPS-capable proxy for remote hosts.
Manual installation may pull code or dependencies that differ from the reviewed artifact set.
The README documents manual installation from an external GitHub repository and an unpinned pip dependency. This is a normal setup pattern, but the registry install spec does not pin or verify these sources.
git clone https://github.com/SalmonRK/OpenClaw-ComfyUI comfyui ... pip3 install requests
Install from a trusted source, review the cloned code before use, and pin dependency versions where possible.
If ComfyUI never returns a completed job, the command may keep running and occupy the agent session until manually stopped.
The script polls indefinitely until the ComfyUI job appears in history. This is not hidden persistence, but it lacks a timeout or cancellation limit.
while True:
history = check_history(prompt_id)
...
time.sleep(2)Add a maximum wait time, retry limit, and clear cancellation behavior.