Skills
skills/huangyuchuh/comfyui_skills_openclaw/comfyui-skill-openclaw/Gen Agent Trust Hub

comfyui-skill-openclaw

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes system commands to manage the ComfyUI environment and its own execution.
  • Uses subprocess.run to call git clone and pip install for installing ComfyUI custom nodes (found in ui/dependency_installer.py).
  • Uses subprocess.run to bridge Web UI actions to the comfyui-skill CLI (found in ui/app.py).
  • Uses os.execv in scripts/shared/updater.py to restart the server process after a system update.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with external services to fetch configurations and updates.
  • Downloads ComfyUI node mapping data from raw.githubusercontent.com/Comfy-Org/ComfyUI-Manager (found in ui/dependency_registry.py).
  • Fetches and downloads pre-built frontend assets from the author's GitHub repository (HuangYuChuh/ComfyUI_Skills_OpenClaw-frontend) to perform UI updates (found in scripts/shared/frontend_update.py).
  • [SAFE]: The skill implements security controls to protect the host environment.
  • In ui/services.py, the get_workflow_history_image_path function validates that requested image paths are within the authorized output directory, preventing directory traversal attacks.
  • Sensitive configurations like authentication tokens and API keys are managed through a config.json file rather than being hardcoded.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 04:21 AM