Is dihan/comfyui-local safe?

https://github.com/openclaw/skills/tree/main/skills/dihan/comfyui-local

Score: 89 · SAFE

This skill provides legitimate ComfyUI image generation functionality with no malicious behavior detected. It makes network connections to user-specified servers and executes Python code, but both are necessary for its intended purpose.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

LOW Network connectivity to external servers -15

The skill makes HTTP connections to user-specified ComfyUI servers to generate images. While this is required functionality, it represents a potential data flow to external systems.

LOW Executable Python script included -20

The skill contains a Python script (comfy_gen.py) that will be executed by the agent. The code appears safe but represents inherent execution risk.

LOW Configuration-dependent security -20

The skill's security depends on proper user configuration of COMFYUI_SERVER_ADDRESS. Misconfiguration could lead to prompts being sent to unintended servers.