[nsingh2]

Not surprised at all, ComfyUI extensions are just arbitrary python code. The first time I tried ComfyUI extensions I put it in a podman container with GPU passthrough and blocked network access.

[Maxious]

Comfy UI manager recently added some security levels so that by default you can't accidentally leave a public instance that allows remotely installing arbitrary python code https://github.com/ltdrdata/ComfyUI-Manager?tab=readme-ov-fi...

[smarm52]

Hopefully this will be just the incentive they need to do something safer. Something similar happened before the move from PKL to SAFETENSOR for model files.