OpenClaw ComfyUI
PassAudited by VirusTotal on May 12, 2026.
Overview
Package: comfyui-skill (xpi) Version: 1.0.4 Description: Professional ComfyUI control skill for OpenClaw with token-saving architecture, auto-asset management (Image/Video/Audio), and dynamic security validation. The `comfyui-skill` package provides a Python client (`comfy_client.py`) to interact with a ComfyUI instance via its API. It supports dynamic workflow execution, including text-to-image and image-to-image tasks, with features like automatic asset upload and result downloading. The script reads ComfyUI host and port from `TOOLS.md`, ensuring user-controlled configuration. It implements a whitelist for file extensions (`.jpg`, `.png`, `.mp4`, etc.) during uploads, preventing arbitrary file execution or sensitive data exfiltration through the ComfyUI server. Generated output files are saved to a dedicated `outputs/comfy/` directory within the workspace. The script dynamically modifies ComfyUI workflow JSONs (located in `workflows/`) to inject prompts, input image filenames, and desired resolutions, which is standard behavior for ComfyUI automation. All network communication is directed solely to the user-configured ComfyUI endpoint. There is no evidence of arbitrary code execution, unauthorized network activity, or malicious file system manipulation. The package adheres to expected functionality for an agent skill interacting with a local or user-specified ComfyUI instance.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad ComfyUI server response could overwrite local files that the agent process can access, potentially including workspace or agent configuration files.
The local output path is built directly from a filename returned by the ComfyUI history response. If the configured ComfyUI host is malicious or compromised, path components or absolute paths in that filename could cause writes outside outputs/comfy.
local = download_file(img["filename"], img["subfolder"], img["type"]) ... file_path = os.path.join(OUTPUT_DIR, filename) with open(file_path, "wb") as f:
Sanitize downloads by using a safe basename, rejecting absolute paths and '..' segments, normalizing the final path, and verifying it remains inside the intended output directory before writing.
Any selected input media may be sent to the configured ComfyUI host and may be visible to whoever operates that host or network.
The skill uploads user-selected files to the configured ComfyUI service over HTTP. This is purpose-aligned, but it is a sensitive data flow when the input image, video, or audio is private.
COMFY_URL = f"http://{COMFY_HOST}:{COMFY_PORT}"
...
res = requests.post(f"{COMFY_URL}/upload/image", files=files)Use only a trusted local or private ComfyUI host, avoid sensitive input files unless intended, and consider a protected network or HTTPS-capable proxy for remote hosts.
Manual installation may pull code or dependencies that differ from the reviewed artifact set.
The README documents manual installation from an external GitHub repository and an unpinned pip dependency. This is a normal setup pattern, but the registry install spec does not pin or verify these sources.
git clone https://github.com/SalmonRK/OpenClaw-ComfyUI comfyui ... pip3 install requests
Install from a trusted source, review the cloned code before use, and pin dependency versions where possible.
If ComfyUI never returns a completed job, the command may keep running and occupy the agent session until manually stopped.
The script polls indefinitely until the ComfyUI job appears in history. This is not hidden persistence, but it lacks a timeout or cancellation limit.
while True:
history = check_history(prompt_id)
...
time.sleep(2)Add a maximum wait time, retry limit, and clear cancellation behavior.