Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

comfyui-running

v3.0.2

Fully automated execution of ComfyUI workflows: runs workflows via the REST API, with cross-platform support for Windows / Linux / WSL. By comfyui资源网 - www.comfyorg.cn

1 · 89 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The files implement exactly what the description says: auto-detect/start ComfyUI, call the local REST API, and control a browser via CDP. That capability justifies scanning local paths and launching local processes. However, registry metadata said no required binaries/envs while SKILL.md metadata and the implementation expect Python and configuration (COMFYUI_ROOT, ports) — a mismatch between declared requirements and actual code.
Instruction Scope
Runtime instructions and code focus on local operations: probing local debug endpoint (http://127.0.0.1:<cdp_port>/json), connecting to local ComfyUI REST endpoints (127.0.0.1:<port>), controlling a browser via CDP, scanning filesystem locations for ComfyUI installations, and starting processes. These are within the stated purpose. A surprising behavior: comfyui_browser.py removes all environment variables containing 'proxy' at module import (it clears proxy env vars at top-level), which is an unexpected side-effect and may affect other network behavior in the agent process.
Install Mechanism
No install spec is provided (instruction-only skill plus code files), so nothing will be downloaded from external URLs by an automated installer. The SKILL.md recommends pip installing 'requests' and 'websockets' which is proportional to the code's use of HTTP and websockets.
Credentials
The registry metadata lists no required env vars, yet config.json and the lib modules reference several environment variables (COMFYUI_ROOT, COMFYUI_PORT, CDP_PORT, COMFYUI_WORKFLOWS_DIR, COMFYUI_OUTPUT_DIR, etc.) and the code will read/write a local config.json. The code also enumerates drives and filesystem paths to auto-detect ComfyUI — appropriate for detection but broad in scope. The top-level deletion of proxy-related environment variables (performed at import) is a further disproportionate action that wasn't declared.
Persistence & Privilege
The skill is not marked always:true and doesn't appear to modify other skills or global agent settings. It does spawn local processes (ComfyUI, possibly browser) and writes/updates config.json inside the skill directory — expected for this functionality. No evidence it persists credentials or enables permanent external access.
What to consider before installing
- Functionality: This skill automates a local ComfyUI instance and a local browser (CDP). It will scan local drives to find ComfyUI, start ComfyUI if needed, and control a browser tab via the Chrome/Edge debugging port.
- Config: You must supply a correct comfyui_root (in config.json or via env vars) or let the skill autodetect. Double-check the skill's config.json before running.
- Env mismatch: The registry metadata claims no required env vars, but the code expects COMFYUI_ROOT, CDP_PORT, COMFYUI_PORT, etc. Treat the config.json as required.
- Side effects: comfyui_browser.py removes proxy-related environment variables at import time (this affects only the running process but may change networking behavior). If you rely on proxy env vars for other tools, be cautious.
- Local-only network: The code talks to 127.0.0.1 endpoints and the browser's debugging websocket; there is no obvious remote exfiltration endpoint in the code/docs, but you should still review the code yourself if you are worried about privacy.
- Best practices: Run the skill in a controlled environment (e.g., a dedicated VM or container) if you are uncertain. Inspect config.json and the Python files (comfyui_browser.py, lib/comfyui_*.py) yourself. Ensure no sensitive data resides in the directories the skill will scan or that could be picked up by its filesystem checks.

If you want, I can point out the exact lines that remove proxy vars, where env vars are read, and where subprocesses and websocket connections are created so you can review them more easily.


latest · vk97cszpvxc35dbdm2qeybhrxs984emaa
