Skill v2.0.0

ClawScan security

Comfyui · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 15, 2026, 4:25 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely matches its advertised local ComfyUI image-generation purpose, but a few implementation choices are disproportionate or risky (notably aggressive process-killing and hard-coded Windows paths), so review before installing.
Guidance
What to check before installing/running:
- Inspect scripts that manage processes (scripts/comfyui_service.py and comfyui.py). They call Windows taskkill and in at least one place attempt to kill all python.exe instances (taskkill /F /IM python.exe). Replace or remove broad kills to avoid terminating unrelated Python processes.
- Confirm Feishu behavior: open scripts/feishu_image_sender.py and send_comfyui_image.py to see whether they require or embed Feishu API tokens or send to external webhooks. If they do, ensure tokens are not hard-coded and understand where credentials must be stored.
- Update hard-coded paths (G:\, F:\) to match your machine or make them configurable; otherwise the skill may fail or operate on unexpected files.
- Because the skill launches local binaries (ComfyUI.exe) and uses taskkill, run it in an isolated environment or on a machine where killing processes is acceptable (e.g., a dedicated GPU workstation), not on a shared server with other user processes.
- If you want to proceed, run a code review of the remaining omitted files (download_weights.py and the Feishu sender scripts) to ensure they don't download arbitrary executables from untrusted URLs or exfiltrate data.
Confidence note: medium. The code is coherent with the described purpose, but the aggressive process-killing and ambiguous Feishu-sending are concrete, disproportionate behaviors that warrant caution.

Review Dimensions

Purpose & Capability (note)
Name/description align with the code: it manages a local ComfyUI instance, queues workflows (text->image, img2img, ControlNet), shows progress and can send images to Feishu. The declared required packages (websocket-client) and python3 in metadata are plausible. However, the implementation embeds hard-coded, Windows-specific absolute paths (e.g. G:\comfyui\ComfyUI.exe, F:\comcyui 模型\...) which limit the environments where it works and suggest the package is targeted at a specific machine/setup. That is not malicious per se but is surprising compared to a generic skill description.
Instruction Scope (concern)
Runtime instructions and scripts directly start/stop local executables, call ComfyUI HTTP/websocket endpoints, copy generated files into the agent workspace (~/.openclaw/...) and reference a Feishu send flow. Of particular concern: several scripts call taskkill to terminate processes, and comfyui_service.py attempts to kill all python.exe processes (taskkill /F /IM python.exe). That is aggressive and can terminate unrelated user processes. The SKILL.md's messaging snippet uses message.send(channel="feishu", ...), which likely leverages the platform's messaging tool, but the repository also includes feishu_image_sender.py; it is unclear whether that sends directly to Feishu (requiring credentials) or uses platform-provided messaging. The instructions do not request or document Feishu credentials, so the Feishu-send behavior should be reviewed in the included Feishu scripts before use.
Install Mechanism (ok)
There is no install spec (instruction-only skill), so nothing is downloaded or installed by the platform. The code files are included in the skill bundle. This lowers supply-chain risk compared to remote download installers, but the included scripts will run local executables and perform filesystem/process actions when invoked.
Credentials (note)
The skill declares no required environment variables or external credentials. That is coherent for a local-only ComfyUI controller. However, the code references platform-local paths (user drives and the home directory), writes a state file into the skill directory, and copies images into ~/.openclaw/workspace. The presence of Feishu-sending features without declared Feishu credentials is ambiguous: they may rely on the OpenClaw messaging bridge (message.send) rather than storing tokens, but you should inspect scripts/feishu_image_sender.py and send_comfyui_image.py to confirm whether any external tokens/URLs are used or required.
Persistence & Privilege (concern)
The skill does not request always: true and is user-invocable (normal). It writes a local state file and can auto-start/stop a local ComfyUI process, which is expected. However, the service manager forcibly kills processes (taskkill /F /IM ComfyUI.exe and, worryingly, taskkill /F /IM python.exe in some code paths), which is a privilege/impact decision: it can disrupt unrelated Python programs on the host. That level of system-wide process termination is disproportionate to simply managing a single ComfyUI process and increases the blast radius if run on a multi-process host.