Seedance Video Prompt Industrialized Generation

Security checks across malware telemetry and agentic risk

Overview

This skill generates Seedance video prompts and saves them as a Markdown file; that behavior is disclosed and aligned with its purpose, but users should confirm where files will be written.

Install this if you want a structured Seedance prompt-generation workflow and are comfortable with it creating Markdown files in the working directory. Before use, confirm the intended filename and location, and avoid running it where an accidental overwrite or saved script content would matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to write generated content directly to a Markdown file in the working directory, despite no metadata or manifest indicating that filesystem modification is required or authorized. This creates an unnecessary side effect and can overwrite or create files without clear user consent, which is risky even if the intended content is benign prompt-generation output.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to directly write a .md file and only report the file path, without requiring explicit user consent for filesystem modification or disclosing where the file will be created. In an agent environment with write capabilities, this can lead to silent side effects, unintended persistence, overwriting of user content, or misuse of writable paths, and the "only report file path" instruction reduces transparency and user oversight.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill directs the agent to modify the local filesystem without any user-facing warning, confirmation, or opt-in step. In context, the instruction is framed as a hard requirement ("must directly write") and therefore increases risk of silent file creation or overwrite, reducing transparency and user control over agent actions.

VirusTotal

59/59 vendors flagged this skill as clean.
