Security audit

ComfyUI DirectML AMD

Security checks across malware telemetry and agentic risk

Overview

This is a ComfyUI setup helper whose local patching and download guidance are disclosed and aligned with its AMD DirectML purpose, though users should review the commands before running them.

Install only if you intend to patch a local Windows ComfyUI setup for AMD DirectML. Before running apply-directml-fixes.py, confirm the target ComfyUI directory, keep the generated backup, and review the resulting model_patcher.py change. Avoid Stop-Process -Force unless you have confirmed the exact process to terminate, and inspect any separately obtained downloader or benchmark scripts before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README tells users to run a forceful process-termination command against Python processes matching a ComfyUI path, but it does not warn that Stop-Process -Force can immediately kill active jobs, unsaved work, or other matching Python-based tooling. In a setup guide, users are likely to copy-paste troubleshooting commands, so the lack of a safety warning makes this a real operational safety issue even if it is not an exploit in the traditional sense.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs users to run an automated fix script that modifies ComfyUI source files, but the documentation does not clearly warn that first-party code will be altered or describe the risks of patch drift, breakage, or supply-chain trust in the script itself. In a security-sensitive setup workflow, silent source modification increases the chance that users execute unreviewed code changes with broad local file access.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill advertises a PowerShell script that downloads multi-gigabyte models but does not warn about network activity, destination paths, bandwidth consumption, disk usage, or source trust. While this is not inherently malicious, users may run it without understanding that it performs large external downloads, which creates avoidable operational and supply-chain risk.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.