Comfyui Automation Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent RunningHub/ComfyUI automation tool, but users should understand that prompts, selected files, workflow inputs, and optional webhook data may be sent to RunningHub.

Install only if you are comfortable sending your RunningHub API key, workflow prompts, node parameters, selected local media files, image URLs, and optional webhook URL to RunningHub. Avoid confidential or regulated files unless you have reviewed RunningHub's privacy and retention terms, and only use webhook endpoints you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'payload' from input (line 652, user input) → requests.post (network output)

Medium
Category
Data Flow
Content
# webhook_url originates from user input (line 652) and is forwarded verbatim
if webhook_url:
    payload["webhook"] = webhook_url

# payload (including the user-supplied webhook URL) leaves the host here
response = requests.post(
    api_endpoint,
    headers=self.headers,
    json=payload
)
Confidence
88% confidence
Finding
response = requests.post( api_endpoint, headers=self.headers, json=payload )

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The script is described as a workflow execution tool, but when lookup fails it silently pivots into interactive workflow creation logic. That expands the effective capability of the skill beyond the documented execution scope, which is dangerous because users or orchestrators may grant trust assuming read/execute-only behavior while the tool can create new workflow definitions and alter downstream processing expectations.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill's execution flow includes uploading arbitrary local files to a remote service, which materially changes the privacy and security impact of using it. In an agent setting, this can expose sensitive local data if a user or higher-level system provides a path without fully understanding that the file contents are transmitted off-host.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest claims to automate ComfyUI workflows, but the only declared secret is a RunningHub API key, which suggests the skill may actually operate against a different backend than advertised. This mismatch can mislead users about where credentials are sent and what external service receives workflow data, increasing the risk of unintended credential disclosure or covert data exfiltration through an undeclared provider.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly states that local files may be automatically uploaded to RunningHub and that network image URLs can be used, but it does not clearly warn users that their data will be transmitted to a third-party service or describe the privacy implications. This creates a real security and privacy risk because users may provide sensitive local files or internal URLs without informed consent, potentially exposing confidential data or triggering server-side fetches of untrusted resources.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Sensitive workflow inputs, prompts, media references, and processing parameters are sent to an external API, but the user is not clearly warned about the scope of disclosure. Given this skill also supports uploading local files and arbitrary workflow content, the context makes this more dangerous because users may unknowingly transmit confidential data or internal assets to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.
