Run ComfyUI on Runninghub (e.g. photo-retouching)

Security checks across malware telemetry and agentic risk

Overview

The main RunningHub workflow helper fits its purpose, but the package also includes under-disclosed local Chrome browser automation and plaintext API-key storage that users should review carefully.

Review before installing. Prefer RUNNINGHUB_API_KEY over --save-key, and do not upload private or regulated images unless you trust RunningHub's handling. Avoid running chrome_automation.py unless you intentionally started Chrome with remote debugging and accept that the script can control a local authenticated browser page.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill documentation describes capabilities that read environment variables, write a local config file, access local files, and perform network operations, yet no permissions are declared. This creates a transparency and consent problem: a caller may invoke the skill without understanding it can persist secrets locally and transmit data to external services.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 92%
Finding
The stated purpose is limited to executing workflows via API, but the documented/observed behavior expands into local secret storage, local file upload, and browser automation through Chrome DevTools/WebSocket inspection. That mismatch is dangerous because users and orchestrators may grant trust based on the narrow description while the skill can access broader local/browser context and perform more invasive actions than expected.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script drives a local Chrome DevTools instance, opens browser pages, enables Runtime/DOM/Page domains, and executes JavaScript against a live page. That capability is much broader than the skill's stated API-based RunningHub workflow purpose and can be repurposed to inspect browser content, manipulate sessions, or automate arbitrary sites if a user runs it with a listening DevTools instance.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The header advertises automated image upload and workflow execution, but the code does not perform those actions and instead falls back to browser inspection with CDP plus a note that upload is not possible. This mismatch can mislead users about what the script actually does, reducing informed consent and making the hidden browser-automation behavior more dangerous in context.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill instructs users to upload local image files to a third-party cloud API but does not prominently warn that local content will leave the device and be stored or processed externally. This can lead to unintentional disclosure of sensitive images or embedded metadata, especially in a workflow tool where users may assume processing is local or transient.

Missing User Warnings

Low
Confidence: 86%
Finding
The script creates and later closes Chrome pages through the DevTools HTTP interface without prompting the user or warning that it will alter browser state. While the target is localhost, silently changing browser tabs or pages can disrupt user activity and becomes riskier when combined with debugger-level control.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script sends DevTools commands and uses Runtime.evaluate to run JavaScript in the browser, but this powerful capability is not clearly disclosed as part of the skill's behavior. In the context of an ostensibly API-focused skill, undisclosed browser code execution can expose session data, page contents, and user state if pointed at authenticated pages.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script provides a `--save-key` option that persists the API key in a local JSON config file in the project directory without any warning, permission hardening, or use of OS-backed secret storage. This can expose credentials to other local users, backups, source control mistakes, or accidental disclosure if the workspace is shared.

Missing User Warnings

Medium
Confidence: 86%
Finding
`upload_image` reads a local file and sends it to a third-party cloud service, but the tool does not present an explicit privacy or data-transfer warning at the point of upload. In an agent skill context, this can cause users to unintentionally transmit sensitive local images or metadata off-device without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.
