SeedDance AI Video Generation
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only guide for using a SeedDance video API, but users should verify the external SDK and handle the required API key carefully.
Before installing, verify that the npm package and SeedDance service endpoint are legitimate, store the API key securely, and review any batch generation or webhook settings so you do not unintentionally spend credits or expose generated media links.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the wrong or compromised package could affect the local development environment.
The guide asks the user to install an external, unpinned npm SDK. This is purpose-aligned for a video API integration, but the artifact does not provide package provenance or a pinned version.
npm install seeddance-sdk
Verify the SDK publisher and package authenticity before installing, and consider pinning a known-good version.
Anyone with the API key may be able to use the video generation service and consume credits or quota.
The skill expects a SeedDance API key, which is appropriate for the stated API integration but gives the SDK delegated access to the user's service account or quota.
export SEEDDANCE_API_KEY="your-api-key-here"
Use a scoped key if available, store it in a protected environment or secret manager, and rotate it if exposed.
Unintended repeated generation could consume API credits or hit rate limits.
The examples submit generation jobs to an external service and acknowledge credit consumption. This is central to the skill's purpose, but users should be aware that repeated or batch use can spend quota.
console.log(`消耗积分: ${result.creditsUsed}`);Confirm prompts, batch sizes, and expected cost before running generation tasks.
If the webhook endpoint is misconfigured, generation results or task metadata could be exposed to the wrong recipient.
The guide includes webhook callbacks for long-running tasks. This is a normal integration pattern, but callbacks may carry task identifiers, status, or generated media links.
webhook: 'https://your-server.com/api/seeddance-callback'
Use HTTPS, authenticate callback requests, and avoid sending callbacks to endpoints you do not control.