ClawHub

Comfyui V8

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local ComfyUI helper, but users should only point its startup feature at a trusted ComfyUI installation.

Install this only if you want an assistant for a local ComfyUI V8/Aki bundle. Before using the startup command, verify the configured ComfyUI path contains files you trust, because it can run that bundle's launcher or batch file. Review workflow save locations if preserving existing workflows matters, and use InstantID only with face images you are allowed to process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
subprocess.Popen([self.launcher_exe], cwd=self.comfy_path)
            else:
                result.append("✅ 启动ComfyUI核心服务")
                subprocess.Popen([self.start_bat], cwd=self.comfy_path, shell=True)
            time.sleep(3)
            result.append("✅ 启动成功!浏览器访问:http://127.0.0.1:8188")
            result.append("ℹ️ 绘世启动器可管理内核、插件、模型、一键更新")
Confidence
97% confidence
Finding
subprocess.Popen([self.start_bat], cwd=self.comfy_path, shell=True)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list includes broad terms such as 'ComfyUI', '工作流', and related generic phrases that may match ordinary conversation and invoke the skill unintentionally. Accidental activation becomes more risky here because the skill also appears capable of filesystem and shell actions, so an unintended trigger could lead to unexpected local operations.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill describes generating workflows and saving images but does not warn users that files will be written to disk, potentially consuming storage or exposing sensitive prompts and generated content in predictable locations. In a local desktop context, silent persistence of outputs can create privacy, integrity, and operational issues, especially if files overwrite existing content or are stored in shared folders.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The InstantID workflow processes face images but lacks a privacy notice about handling biometric-like data, retention, and storage of source/reference images and outputs. Face-image processing is more sensitive than ordinary image generation because users may unknowingly submit personal or third-party photos, creating elevated privacy and consent risks.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal