Seedance Video Generation

Security checks across malware telemetry and agentic risk

Overview

The core Seedance video generator appears legitimate, but it needs review because it includes under-scoped external sharing guidance and automatically opens downloaded files through a shell on macOS.

Install only if you are comfortable sending prompts and selected image files to Volcengine/ByteDance. Avoid unusual macOS download paths, and be aware that downloaded files may auto-open. Do not use the Feishu workflow unless you explicitly confirm the exact file, recipient/chat, and message, because it uploads the file to Feishu using configured app credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
                    # Open on macOS
                    if sys.platform == "darwin":
                        os.system(f'open "{filepath}"')
                except Exception as e:
                    print(f"Download failed: {e}", file=sys.stderr)
Confidence
89% confidence
Finding
os.system(f'open "{filepath}"')

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The Feishu/OpenClaw file-sending capability extends beyond the stated purpose of generating and managing Seedance videos. This creates an extra exfiltration path for generated media that users may not expect from the skill description, increasing the chance of unintended disclosure to a separate external platform.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The document materially expands the skill from video generation into Feishu file upload and chat messaging, including local file handling and third-party API interactions. In an agent environment, this broadens the effective capability surface to include data exfiltration and external communication paths that are not reflected in the skill's stated purpose, making misuse easier and user expectations less accurate.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This section introduces Feishu messaging, CDN upload, and app credential usage that are outside the declared Seedance video-generation function. That mismatch is security-relevant because it normalizes the use of external communication channels and sensitive credentials under a skill that users may trust only for local/media generation tasks.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill automatically opens downloaded media on macOS after fetching a remote video result. Even aside from the shell-use issue, automatically launching downloaded content expands the trust boundary from 'download a file' to 'execute/open it with the local OS handler,' which can trigger unsafe behavior, privacy leaks, or user confusion if the remote content or file association is unexpected. In an agent skill, this is more dangerous because tool execution may occur with limited user visibility.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document instructs reading a local video file and uploading it to Feishu CDN before sending it into chat, but provides no warning that this is an external data transfer. In agentic or semi-automated settings, that omission can cause users to expose locally generated or locally stored content to a third party without informed consent or policy review.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The documentation references use of app_access_token, app_id, and app_secret without emphasizing that these are sensitive credentials requiring secure storage and least-privilege handling. This can lead operators to embed, log, or otherwise mishandle secrets, increasing the risk of credential leakage and unauthorized API use.

VirusTotal

56/56 vendors flagged this skill as clean.
