Jianying Video Gen

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do Jianying video generation, but it bundles and automatically uses browser session cookies while the structured credential requirements are under-declared.

Review this skill carefully before installing. Delete the bundled cookies.json, do not use exposed session cookies, configure only your own Jianying credential if you trust the source, protect that file, and confirm credit costs and media uploads before running generation jobs.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

If the cookies are valid, the skill can authenticate to a Jianying account and consume account credits; the cookie file itself is also a sensitive login artifact.

Why it was flagged

The package contains Jianying session/auth cookie values rather than only placeholder instructions for the user to supply their own credential.

Skill content
"name": "sessionid_ss_pippitcn_web" ... "value": "ba4a05cc...[redacted]"; "name": "passport_auth_status_ss_pippitcn_web"
Recommendation

Do not ship cookies.json with real session values. Treat exposed cookies as compromised, delete the bundled file, and require each user to configure their own credential through a clearly declared and protected config path or safer auth flow.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Users or clients relying on structured permission metadata may not receive a clear install-time signal that this skill handles browser login cookies.

Why it was flagged

The structured metadata does not capture the cookies.json credential requirement, even though the prose description and code rely on it.

Skill content
Primary credential: none; Required config paths: none; Capability signals: No capability tags were derived.
Recommendation

Declare cookies.json as a required credential/config item and add capability metadata for browser automation, network use, file upload/download, and account actions.

ASI02: Tool Misuse and Exploitation
Low
What this means

Using the skill can spend credits on the configured Jianying account.

Why it was flagged

The normal workflow submits generation tasks that consume Jianying credits; this is disclosed and central to the skill's purpose.

Skill content
Log in (cookies) → New → Immersive short film → Select model → ... → Enter prompt → Submit ... | Seedance 2.0 | 5 | 25 | 50 | 75 |
Recommendation

Confirm the intended model, duration, and credit cost before running a generation job, and use dry-run/manual review for tests where possible.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Reference files selected for these modes may be uploaded to Jianying and processed by that service.

Why it was flagged

I2V/V2V modes use local image or video paths as reference media for the Jianying provider workflow.

Skill content
--ref-image /path/to/image.png ... --ref-video /path/to/reference.mp4 ... Log in (cookies) → ... → [Upload reference video]
Recommendation

Only provide media files you intend to send to Jianying, and avoid private or sensitive images/videos unless you accept that provider data flow.