Back to skill
Skillv1.1.0
VirusTotal security
Comfyui Workflow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:43 AM
- Hash
- b53341ea433ebecd7ce6486cd7b59bcb50ce89203757b1687c9ec7c4ef8bc0a3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: comfyui-workflow Version: 1.1.0 The skill is classified as suspicious due to its use of `subprocess.run` to execute shell scripts (`comfy_control.sh`) for managing the ComfyUI server, which includes potentially broad commands like `pkill` and `powershell.exe` for process control and system monitoring. Additionally, the `--override` argument in `comfy_run.py` allows arbitrary JSON input to modify any node's parameters within a ComfyUI workflow, creating a significant vulnerability surface for prompt injection or exploitation of underlying ComfyUI custom node vulnerabilities. While these capabilities are intended for legitimate workflow automation and diagnostics, they represent high-risk behaviors that could be misused.
- External report
- View on VirusTotal