I'm reporting a serious security incident involving ComfyUI-RuiquNodes by ruiqutech which is currently listed in the official custom-node-list.json.
What happened:
ComfyUI-Manager automatically installed https://github.com/ruiqutech/ComfyUI-RuiquNodes without my explicit request. After installation and restart, files xmrig.zip and rigel.zip appeared on my filesystem and were automatically extracted and executed — these are known cryptocurrency miners.
Why this is dangerous:
The package description states "Support the execution of any fragment of Python code" — the node SRL Eval literally executes arbitrary Python code passed as input. This makes it trivially exploitable as a malware delivery vector.
Security level at time of incident: normal (default)
My system: Windows, ComfyUI 0.19.3, Manager V3.39.2, Python 3.14.4
Request:
Remove RuiquNodes from custom-node-list.json immediately
Investigate why Manager auto-installed it without user confirmation
Consider adding a warning or blacklist for nodes that execute arbitrary code
Reference: https://github.com/ruiqutech/ComfyUI-RuiquNodes
I'm reporting a serious security incident involving ComfyUI-RuiquNodes by ruiqutech which is currently listed in the official custom-node-list.json.
What happened:
ComfyUI-Manager automatically installed https://github.com/ruiqutech/ComfyUI-RuiquNodes without my explicit request. After installation and restart, files xmrig.zip and rigel.zip appeared on my filesystem and were automatically extracted and executed — these are known cryptocurrency miners.
Why this is dangerous:
The package description states "Support the execution of any fragment of Python code" — the node SRL Eval literally executes arbitrary Python code passed as input. This makes it trivially exploitable as a malware delivery vector.
Security level at time of incident: normal (default)
My system: Windows, ComfyUI 0.19.3, Manager V3.39.2, Python 3.14.4
Request:
Remove RuiquNodes from custom-node-list.json immediately
Investigate why Manager auto-installed it without user confirmation
Consider adding a warning or blacklist for nodes that execute arbitrary code
Reference: https://github.com/ruiqutech/ComfyUI-RuiquNodes