← Back to directory

This skill may be intentionally malicious

One or more detected patterns suggest a deliberate attack chain rather than a coding mistake. Review carefully before installing.

Public SkillFlagged

comfyui

[kshitijk4poor, alt-glitch, purzbeats] · v5.1.0

Generate images, video, and audio with ComfyUI — install, launch, manage nodes/models, run workflows with parameter injection. Uses the official comfy-cli for lifecycle and direct REST/WebSocket API for execution.

Security Summary

This skill includes a SKILL.md descriptor and ships with evals, reference documentation, and scripts. 5 critical and 6 advisory security observations were identified — review the findings below for details.

Source
GitHub
Published
Jun 2, 2026
License
MIT

Vettd Verdict

The overall verdict combines pass, warning, and failure signals across our checks. Click to see how each check is computed.
F

Skill failed: 1 hard fail in security or structure checks.

  • · Remote code execution via pipe to shell
  • · Safety bypass flag detected
  • · References external URL — review for indirect prompt injection risk
  • · Description suggests benign skill but code contains malicious security patterns
6
Critical
8
Medium
30
Info
Open Repo on GitHub

Link points to the repository’s default branch (current HEAD). Certification reflects the state of the repo on Jun 2, 2026. Scanned at 40ae1706.