ComfyUI-OpenClaw by rookiestar28

Secure automation and LLM-assisted AIGC for ComfyUI

Created 2 weeks ago

399 stars

Top 72.6% on SourcePulse

Project Summary

A security-first ComfyUI custom node pack, OpenClaw enhances ComfyUI with LLM-assisted nodes, a secure HTTP API, and integrations for AIGC automation. It targets engineers and power users seeking robust, automated image and reel generation workflows, offering enhanced control, messaging platform connectivity, and a hardened security posture over convenience-focused alternatives.

How It Works

OpenClaw extends ComfyUI by introducing LLM-assisted nodes (planner, refiner, vision, batch variants) and a secure, admin-controlled HTTP API. Its core design prioritizes security with localhost-first defaults, explicit admin token boundaries for write actions, deny-by-default webhooks, and encrypted webhook modes that fail closed. It implements strict SSRF policies, input validation, and path traversal defenses to make ComfyUI a reliable automation target.

Quick Start & Requirements

  • Installation: Recommended via ComfyUI-Manager, or manually by cloning into ComfyUI/custom_nodes/.
  • Prerequisites: ComfyUI installation. LLM provider API keys are required for LLM-assisted nodes.
  • Configuration:
    • LLM Keys: Set via environment variables (OPENCLAW_LLM_API_KEY) or provider-specific keys. UI Key Store is available for localhost convenience.
    • Webhook Auth: Configure via OPENCLAW_WEBHOOK_AUTH_MODE (e.g., bearer, hmac) and associated tokens/secrets.
    • Admin Token: Set OPENCLAW_ADMIN_TOKEN for protected actions; localhost-only convenience mode is available if unset. Remote admin requires explicit opt-in (OPENCLAW_ALLOW_REMOTE_ADMIN=1).
  • Links: docs/runtime_hardening_and_startup.md, docs/connector.md#command-authorization-policy, tests/TEST_SOP.md.

Highlighted Details

  • Operator UX: Features include an in-canvas context toolbox, Parameter Lab for experiment history/replay and workflow comparison, and quick recovery actions.
  • Security Hardening: Implements path traversal defense, strict API validation, runtime profiles (minimal, hardened), startup security gates, module capability boundaries, and connector command authorization policies.
  • Connector Platform Parity: Integrates with Discord, Telegram, WhatsApp, LINE, WeChat, and KakaoTalk, with specific hardening for WeChat encrypted mode and KakaoTalk response handling.
  • Advanced Security: Offers Security Doctor diagnostics, optional remote registry quarantine controls, and optional constrained transform execution with integrity pinning.

Maintenance & Community

The project indicates continuous development with frequent updates and new features being added. Specific community links (Discord, Slack) or a public roadmap are not detailed in the README.

Licensing & Compatibility

The provided README does not explicitly state the software license. This omission prevents a clear assessment of compatibility for commercial use or closed-source linking.

Limitations & Caveats

The project emphasizes security but warns that unsafe deployment can still create risk; users are responsible for securing keys, tokens, network exposure, and data. Some advanced features, such as constrained transform execution and remote registry sync, are optional and disabled by default. Worker persistence is currently in-memory (MVP), so production durability requires a persistent backing store.

Health Check

  • Last Commit: 2 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 5
  • Issues (30d): 2
  • Star History: 401 stars in the last 20 days
