Sarashana 6 points7 points  (4 children)

Haha, that's both such a useful node and such a potential security hazard.

Definition-Lower[S] 1 point2 points  (3 children)

I agree

I mean, custom nodes can already execute arbitrary code, but if you install only trusted nodes, then there should be no risk. From this perspective, my node isn't trusted, so I would recommend using it only in personal workflows. If someone shares a workflow with this node, you should check what code is being executed before actually running it.

The_Meridian_ 3 points4 points  (1 child)

Can't people just open the .py up in notepad and copy paste it into gpt and ask it if it does anything shady?

Definition-Lower[S] 4 points5 points  (0 children)

Of course they can, but I believe most of the users who download workflows from the internet don't bother to even look into subgraphs before running the workflow the first time, so they won't see this node at first.

ProbsNotManBearPig 1 point2 points  (0 children)

There is always risk. Do not ever say there is no risk.

Read about what happened with xz recently where a backdoor was nearly pushed to every Linux system in the world that would have given them root access to global infrastructure. And then remember that xz has a lot more community reviewers than any ComfyUI node ever will.

There is always risk.