Image with ComfyUI

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends user-provided prompts and images to a configured ComfyUI server and saves the generated media for delivery back to the requester.

Install this only if you control or trust the ComfyUI endpoint in COMFYUI_URL. Prompts, source images, and generated media are sent to that server, and outputs are saved locally and potentially also in ComfyUI's own output storage. Review the output directories and clean up generated media if it may contain private content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill does more than image generation: it instructs the agent to copy outputs into a global outbound media directory and emit channel-specific delivery commands. This expands the blast radius from local processing to cross-session/message delivery behavior, increasing the risk of accidental data disclosure, wrong-recipient delivery, or abuse of a shared outbound path.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README instructs users to configure an arbitrary ComfyUI API endpoint but does not clearly disclose that prompts and image inputs will be transmitted to that endpoint. Because prompts and uploaded images may contain sensitive or proprietary data, this omission can cause users to send data to a remote host under false assumptions that processing is purely local.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The workflow writes generated video output to disk automatically via Video Combine nodes with save_output enabled and a fixed filename_prefix. In an agent skill context, silent persistence can expose sensitive user prompts or generated media, create unintended retention of potentially private content, and surprise users who may expect transient processing only.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding
This finding corresponds to still-image saving behavior in the workflow without any in-file disclosure to the user. Silent image persistence can retain sensitive generated frames or source-derived content on disk, which may later be accessed by other users, processes, or backups.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The workflow loads a local image file as input, which means it reads from local disk without any embedded disclosure or consent mechanism. In isolation this is expected for image-to-video, but in an agent-driven environment it can still surprise users and may inadvertently process sensitive local files if input selection is not tightly controlled elsewhere.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding
Another still-image save path exists in the workflow, again persisting output without user-facing notice. Multiple save points increase the chance of unexpected retention of sensitive media and make cleanup harder, especially when users assume only the final video is produced.

VirusTotal

66/66 vendors flagged this skill as clean.
