Back to skill
Skillv2.0.0
VirusTotal security
Comfyui · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:27 AM
- Hash
- 2f3082f50d609c8f41e7831d5c09e1e0e7874c9e17927d1c8a191918c8ac7b36
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: comfyui-pro Version: 2.0.0 The skill bundle exhibits high-risk behaviors including the automated download and execution of an external binary (pget) from GitHub in 'scripts/download_weights.py' and the programmatic extraction of sensitive API tokens from the user's global configuration file ('~/.openclaw/openclaw.json') in 'scripts/feishu_image_sender.py'. While these functions support the stated features of model downloading and Feishu integration, they create significant vectors for Remote Code Execution (RCE) and credential theft. Additionally, the bundle contains hardcoded absolute Windows paths and an NSFW image generation prompt in 'assets/tmp-workflow.json', suggesting it is a poorly sanitized port of a specific local environment.
- External report
- View on VirusTotal