Seedance Video Generation
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: seedance-video-generation
Version: 1.0.3
The skill bundle is classified as suspicious due to critical vulnerabilities that enable data exfiltration and arbitrary code execution via prompt injection. The `SKILL.md` and `seedance.py` script allow reading arbitrary local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) specified by user input (via the `--image`, `--last-frame`, and `--ref-images` arguments) and base64 encoding their content, then sending it to `https://ark.cn-beijing.volces.com`. Additionally, the `how_to_send_video_via_feishu_app.md` document describes a `message` tool that reads a local `filePath` and uploads its content to `https://open.feishu.cn`, presenting another data exfiltration vector. The `seedance.py` script also uses `os.system(f'open "{filepath}"')` on macOS for downloaded videos, which could lead to arbitrary code execution if a malicious file URL is provided or injected. These are severe vulnerabilities, but the code does not show clear intent for self-exploitation or malicious behavior without external prompt manipulation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted download path could cause unintended local shell command execution when the generated video is downloaded.
After a successful download, the tool automatically invokes a shell command built from the download path. Because the download directory can be user-supplied, shell metacharacters in the path could be interpreted on macOS.
if sys.platform == "darwin":
    os.system(f'open "{filepath}"')
Replace os.system with a non-shell call such as subprocess.run(["open", str(filepath)]) or require explicit user confirmation before opening downloaded files.
If the bundled guide is followed, generated videos may be uploaded to the Feishu CDN and sent into a chat using the configured Feishu app's authority, potentially to an unclear recipient.
The bundled guide instructs sending generated videos through Feishu using OpenClaw Feishu app credentials. This external chat-upload capability is not part of the skill's stated description or declared credential/capability metadata.
message(
    action="send",
    channel="feishu",
    filePath="/root/.openclaw/workspace/seedance_cgt-...mp4",
    message="视频说明文字"
)
...
Uses the `feishu.app_id` and `feishu.app_secret` configured in OpenClaw.
Treat Feishu sending as a separate, explicit action: confirm the destination chat/recipient, file path, and user intent before uploading or sending any video.
The skill needs access to a Volcengine Ark API key to create and manage video-generation tasks.
The tool requires an ARK_API_KEY and sends it as a bearer token to the Volcengine Ark API. This is expected for the stated Seedance integration, but the registry metadata declares no required environment variables or primary credential.
key = os.environ.get("ARK_API_KEY")
...
"Authorization": f"Bearer {api_key}"
Use a scoped API key if available, keep it out of shared logs, and ensure the metadata accurately declares ARK_API_KEY as a required credential.
Prompts and selected images may be sent to Volcengine for video generation.
When the user supplies a local image, the tool base64-encodes it and submits it to the external Seedance/Volcengine API as part of the generation request. This is purpose-aligned but involves sending selected local content to a provider.
with open(p, "rb") as f:
    b64 = base64.b64encode(f.read()).decode("ascii")
...
result = api_request("POST", BASE_URL, body)
Only provide images and prompts you are comfortable sending to the Seedance/Volcengine service.
