Trusted — Risk Score 0/100
Last scan: 20 hr ago
cinematic-kling
Generate 5-second cinematic AI videos using Kling via ComfyDeploy
Legitimate Cinematic Kling video generation skill that integrates with ComfyDeploy API. Uses curl/bash for API operations and reads environment variables for API key authentication — all documented and necessary for the declared functionality.
Skill Name: cinematic-kling
Duration: 25.3s
Engine: pi
Safe to install
No action required. The skill is a straightforward API integration tool with no security concerns.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:107-113 curl commands for API calls |
| Environment | READ | READ | ✓ Aligned | SKILL.md:106 source ~/clawd/.env; SKILL.md:217 os.environ['COMFY_DEPLOY_API_KEY'… |
| Network | READ | READ | ✓ Aligned | SKILL.md:98-103 API calls to api.comfydeploy.com |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:156 mkdir -p ~/clawd/output; SKILL.md:158-162 curl downloads to output … |
6 findings
Medium · External URL · https://api.comfydeploy.com/api/run/deployment/queue (SKILL.md:20)
Medium · External URL · https://api.comfydeploy.com/api/file/upload (SKILL.md:95)
Medium · External URL · https://comfy-deploy-output.s3.us-east-2.amazonaws.com/inputs/img_XXXX.jpg (SKILL.md:103)
Medium · External URL · https://api.comfydeploy.com/api/run/$RUN_ID (SKILL.md:133)
Medium · External URL · https://comfy-deploy-output.s3.us-east-2.amazonaws.com/outputs/runs/$RUN_ID (SKILL.md:165)
Medium · External URL · https://api.comfydeploy.com/api/run/ (SKILL.md:241)

File Tree

1 file · 10.4 KB · 276 lines
Markdown 1f · 276L
└─ 📝 SKILL.md Markdown 276L · 10.4 KB

Security Positives

✓ No executable scripts present — only documentation in markdown
✓ All network requests go to documented ComfyDeploy API endpoints only
✓ API key access is explicitly declared and necessary for API authentication
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env scanning)
✓ No obfuscation techniques detected (no base64, eval, atob)
✓ No data exfiltration — outputs are downloaded to local directory only
✓ No credential harvesting beyond the single required API key
✓ File write operations limited to designated output directory