seedance-creator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Seedance/Dreamina helper skill with no bundled executable code, though its broad activation wording could cause surprise use if installed.

Install this only if you intend to use Dreamina/Seedance through the local dreamina CLI. Prefer explicit Seedance requests, confirm before running generation commands, and only provide image or video files you are comfortable uploading to the external service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation description is excessively broad and includes generic creative/media terms such as image generation, video generation, short drama, and ad video requests, making accidental or automatic invocation likely outside the intended Seedance-specific scope. Because this skill can drive a CLI that reads local files and uses persisted authentication, over-triggering increases the chance of unintended tool use and data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal