Back to skill

Security audit

Doubao Seedream & Seedance API Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Doubao/Volcengine image, video, and vision API helper, with normal but privacy-sensitive use of API keys, external requests, and local result files.

Install only if you are comfortable sending generation prompts and image inputs to Volcengine/Doubao. Prefer ARK_API_KEY as an environment variable, do not commit .env or .volcengine config files, inspect any remote install script before running it, and save downloads only to intended output directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (15)

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The skill exposes remote download and arbitrary local file write behavior through output_path, which exceeds its stated query-oriented role and can be abused by upstream callers to overwrite files or persist untrusted content. In an agent setting, hidden side effects like local writes are more dangerous because higher-level orchestration may invoke this capability without treating it as a file-writing operation.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase telling users to say "help" or "帮助" is overly broad and can easily collide with ordinary conversation, causing the skill to activate unintentionally. In an agent environment, accidental invocation can lead to unexpected actions, disclosure of context, or confusing behavior even if no explicit malicious payload is present.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill invites users to submit image URLs and local image paths for analysis without clearly warning that those assets may be transmitted to an external Volcengine/Doubao service. This creates a privacy and data-handling risk because users may provide sensitive local files or private URLs without understanding they leave the local environment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code fetches a remote URL and writes the response directly to disk without validating the source, checking content type/size, or warning the caller about the side effect. If the task result URL is attacker-controlled or compromised, this could enable storage of malicious payloads, disk exhaustion, or unintended persistence of untrusted data on the host.

Credential Access

High
Category
Privilege Escalation
Content
cd seedream-skill

# Configure
echo "ARK_API_KEY=your-api-key" > .env

# Run
docker compose up --build
Confidence
90% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
volcengine-python-sdk[ark]>=5.0.0
PyYAML>=6.0
Pydantic>=2.0.0
httpx>=0.27.0
Pillow>=10.0.0
Confidence
91% confidence
Finding
PyYAML>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
volcengine-python-sdk[ark]>=5.0.0
PyYAML>=6.0
Pydantic>=2.0.0
httpx>=0.27.0
Pillow>=10.0.0
pytest>=7.4.0
Confidence
91% confidence
Finding
Pydantic>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
volcengine-python-sdk[ark]>=5.0.0
PyYAML>=6.0
Pydantic>=2.0.0
httpx>=0.27.0
Pillow>=10.0.0
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
91% confidence
Finding
httpx>=0.27.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
PyYAML>=6.0
Pydantic>=2.0.0
httpx>=0.27.0
Pillow>=10.0.0
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
91% confidence
Finding
Pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
Pydantic>=2.0.0
httpx>=0.27.0
Pillow>=10.0.0
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
88% confidence
Finding
pytest>=7.4.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.27.0
Pillow>=10.0.0
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
88% confidence
Finding
pytest-cov>=4.1.0

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
95% confidence
Finding
PyYAML

Known Vulnerable Dependency: Pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
87% confidence
Finding
Pydantic

Known Vulnerable Dependency: httpx — 2 advisory(ies): CVE-2021-41945 (Improper Input Validation in httpx); CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `http)

Critical
Category
Supply Chain
Confidence
89% confidence
Finding
httpx

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
95% confidence
Finding
Pillow

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.