Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ComfyUI Skill

v1.0.0

Generate high-quality images using a local ComfyUI instance. Use when the user wants private, powerful image generation via their own hardware and custom wor...

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description (local ComfyUI image generation) matches the included Python script and example workflows. The only required environment variable (COMFYUI_SERVER_ADDRESS) and the workflow files are appropriate for the stated purpose.
Instruction Scope
The SKILL.md stays within the stated purpose (connect to a ComfyUI server, post workflows, download images). Small inconsistencies: SKILL.md emphasizes setting COMFYUI_SERVER_ADDRESS as an env var, but the script requires the server address as a positional argument (the SKILL.md examples use the env var as an argument, so this is workable). The documentation mentions an 'Auto-Backup' sync feature but no code implements syncing beyond saving to image-gens/.
Install Mechanism
Instruction-only with bundled scripts and workflows; there is no install spec or external downloads. Nothing is written to disk by an installer step prior to use beyond the script saving generated images at runtime.
Credentials
Only COMFYUI_SERVER_ADDRESS is required, which is proportional to a local-server integration. No unrelated credentials, secrets, or config paths are requested.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and does not modify other skills or system configurations. It only writes generated images to an image-gens/ folder in its working directory.
Assessment
This skill appears to do what it says: it posts a workflow JSON to a ComfyUI server and downloads the resulting image to image-gens/. Before installing, ensure the COMFYUI_SERVER_ADDRESS points to a trusted, local ComfyUI instance (do not point it at an untrusted remote host). The script trusts the ComfyUI server's response for filenames and will write image files under image-gens/ without sanitizing filename strings — a malicious or remote server could cause unexpected file writes (path traversal or overwriting) or serve unwanted content. If you will use non-local servers, review or harden the script (sanitize filenames, validate server host, restrict target directory). Also review included workflow JSONs for prompts or model names you may not want; the workflows contain explicit prompts/negative prompts and model file references. Finally, confirm 'Enable Dev mode' in ComfyUI only when you trust the host and network.
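The hardening steps named in the assessment (validate the server host, sanitize filenames, restrict the target directory), written out as an added example. This is not the skill's own comfy_gen.py; the function names, the allowed extensions and the local-only host policy are assumptions.

```python
import ipaddress
import re
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".webp"}  # assumption: image outputs only

def validate_server_address(addr: str) -> str:
    """Accept only http(s) URLs whose host is localhost or a loopback/private IP literal."""
    parts = urlsplit(addr)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported server address: {addr!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in server address are not allowed")
    host = parts.hostname
    if host != "localhost":
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            raise ValueError(f"host must be localhost or an IP literal: {host!r}") from None
        if not (ip.is_loopback or ip.is_private):
            raise ValueError(f"host is not on a local network: {host}")
    return f"{parts.scheme}://{parts.netloc}"  # path, query and fragment are dropped

def safe_output_path(base_dir: str, server_filename: str) -> Path:
    """Map a server-supplied filename to an unused path strictly inside base_dir."""
    # Keep only the last component, treating both / and \ as separators.
    name = re.split(r"[\\/]", server_filename)[-1]
    # Replace anything outside a conservative character set; no leading dots.
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".")
    if not name or Path(name).suffix.lower() not in ALLOWED_EXT:
        raise ValueError(f"rejected filename from server: {server_filename!r}")
    base = Path(base_dir).resolve()
    target = (base / name).resolve()  # resolve() also follows a planted symlink
    if base not in target.parents:
        raise ValueError("resolved path escapes output directory")
    # Never overwrite an existing file: add a numeric suffix until the name is free.
    stem, suffix, n = target.stem, target.suffix, 1
    while target.exists():
        target = base / f"{stem}_{n}{suffix}"
        n += 1
    return target
```
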


Runtime requirements

🎨 Clawdis
Env: COMFYUI_SERVER_ADDRESS
Tags: comfyui, image-generation, latest, local
829 downloads
3 stars
1 version
Updated 5h ago
v1.0.0
MIT-0

ComfyUI Local Skill

This skill allows OpenClaw to generate images by connecting to a ComfyUI instance running on the local network.

Setup

  1. Server Address: Set the COMFYUI_SERVER_ADDRESS environment variable to your PC's IP and port (e.g., http://192.168.1.119:8189).
  2. API Mode: Ensure "Enable Dev mode" is turned on in your ComfyUI settings to allow API interactions.

Usage

Generate an Image

Run the internal generation script with a prompt:

python3 {skillDir}/scripts/comfy_gen.py "your image prompt" "$COMFYUI_SERVER_ADDRESS"

Use a Custom Workflow

Place your API JSON workflows in the workflows/ folder, then specify the path:

python3 {skillDir}/scripts/comfy_gen.py "your prompt" "$COMFYUI_SERVER_ADDRESS" --workflow {skillDir}/workflows/my_workflow.json

Features

  • SDXL Default: Uses a high-quality SDXL workflow (Juggernaut XL) by default.
  • Auto-Backup: Designed to save images to image-gens/ and can be configured to sync to local document folders.
  • Custom Workflows: Supports external API JSON workflows saved in the workflows/ folder. The script will automatically try to inject your prompt and a random seed into the workflow nodes.

Implementation Details

The skill uses a Python helper (scripts/comfy_gen.py) to handle the WebSocket/HTTP handshake with the ComfyUI API, queue the prompt, and download the resulting image.

ComfyUI Image Generation Notes:

  1. Server Address:

    • The ComfyUI server address needs to be passed as a direct argument to the comfy_gen.py script after the prompt, not just as an environment variable.
    • Example: python3 ... "Your prompt" http://192.168.1.119:8189 ...
  2. Workflow Paths:

    • When specifying a workflow file path that contains spaces or special characters, it must be enclosed in single quotes to be parsed correctly by the script.
    • Example: --workflow '/path/to/your/workflow file name.json'
  3. Lora Weight Control:

    • The current comfy_gen.py script does not appear to have a direct parameter for controlling Lora weights (e.g., setting 'l1lly' Lora to 0.90). This might need to be configured within the workflow JSON itself, or require modifications to the script or workflow.
  4. Output Filenames:

    • Generated images might be saved with temporary names (e.g., ComfyUI_temp_...png) rather than more descriptive ones by default.
  5. ComfyUI Setup:

    • Ensure "Enable Dev mode" is turned on in ComfyUI settings for API interactions.
