Trust Assessment
comfy-ai received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 4 critical, 0 high, 4 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Missing required field: name, Sensitive environment variable access: $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/tullyhu/comfy-ai/bin/generate.sh:6 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/tullyhu/comfy-ai/generate.sh:6 | |
| CRITICAL | Unsanitized user input in 'cp' command leads to command injection The script directly uses the second argument (`$2`), which represents an uploaded image path (`$IMAGE_PATH`), in a `cp` command without proper sanitization or escaping. If `$2` contains shell metacharacters (e.g., `;`, `|`, `&`, `$()`, `` ` ``), an attacker can inject and execute arbitrary shell commands on the host system. For example, if `$2` is crafted as `valid_image.png; rm -rf /; #`, the `rm -rf /` command would be executed. Validate and sanitize the `$IMAGE_PATH` variable to ensure it contains only a valid file path and no shell metacharacters. Consider using `printf %q` to properly quote the variable if it must be passed to a shell command, or use a more robust method for handling file paths from untrusted input, such as a Python script using `subprocess.run` with `shell=False` and passing arguments as a list. Alternatively, ensure the calling environment strictly sanitizes arguments before passing them to the script. | LLM | bin/generate.sh:40 | |
| CRITICAL | Unsanitized user input in 'cp' command leads to command injection The script directly uses the second argument (`$2`), which represents an uploaded image path (`$IMAGE_PATH`), in a `cp` command without proper sanitization or escaping. If `$2` contains shell metacharacters (e.g., `;`, `|`, `&`, `$()`, `` ` ``), an attacker can inject and execute arbitrary shell commands on the host system. For example, if `$2` is crafted as `valid_image.png; rm -rf /; #`, the `rm -rf /` command would be executed. Validate and sanitize the `$IMAGE_PATH` variable to ensure it contains only a valid file path and no shell metacharacters. Consider using `printf %q` to properly quote the variable if it must be passed to a shell command, or use a more robust method for handling file paths from untrusted input, such as a Python script using `subprocess.run` with `shell=False` and passing arguments as a list. Alternatively, ensure the calling environment strictly sanitizes arguments before passing them to the script. | LLM | generate.sh:40 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/tullyhu/comfy-ai/SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/tullyhu/comfy-ai/bin/generate.sh:102 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/tullyhu/comfy-ai/generate.sh:105 | |
| MEDIUM | Skill writes generated files to user's Desktop The `bin/generate.sh` script copies generated images to the user's `~/Desktop/` directory. While this might be intended for user convenience, it represents an overly broad permission to write outside the skill's dedicated directories. This could lead to cluttering the user's desktop or, in conjunction with other vulnerabilities, potentially overwriting important user files if `IMAGE_FILENAME` could be manipulated (though `basename` mitigates this for the filename itself). The `generate.sh` script correctly writes to the skill's `output` directory, which is a better practice for sandboxing. Modify the script to save generated images within the skill's designated output directory (e.g., `$(pwd)/output/`) instead of the user's Desktop. This improves sandboxing and reduces potential side effects on the user's system. | LLM | bin/generate.sh:80 |
Scan History
Embed Code
[](https://skillshield.io/report/02de740a9fef23a1)
Powered by SkillShield