Seedance Video Generation Extension
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for staged video generation, but users should notice its external API credential use, local subprocess execution, and sub-agent workflow before installing.
This skill appears benign for staged story-to-video production. Before installing, make sure you trust the separate seedance-video-generation skill, use a suitable ARK_API_KEY, understand that story prompts are sent to external generation services, and review each checkpoint artifact before confirming the next stage.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can spend or access whatever the ARK_API_KEY allows when generating images.
The skill uses a local ARK_API_KEY as a bearer token for the Seedream image generation API. This credential use is expected for the stated provider integration, but it is not declared in registry requirements.
key = os.environ.get("ARK_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a dedicated, least-privileged API key if available, monitor provider usage, and be aware that prompts are sent to the external image provider.
Successful and safe operation depends on separately installed local tools and another skill that are outside this artifact set.
The skill depends on an external local seedance.py helper and FFmpeg, while the registry metadata lists no required binaries, credentials, or install spec. These dependencies are consistent with the video-generation purpose but are under-declared.
- `seedance-video-generation` skill(必须可访问 `seedance.py`) - `ARK_API_KEY` - FFmpeg(用于拼接最终视频)
Install dependencies from trusted sources, verify the seedance-video-generation skill separately, and ensure FFmpeg is the expected binary on PATH.
The skill will execute local helper programs during rendering and video concatenation.
The orchestrator runs a separate seedance.py script via subprocess, and concat_videos.py similarly runs FFmpeg. This local execution is central to the stated rendering and concatenation workflow and uses argument lists rather than shell strings.
cmd: List[str] = [
"python3",
str(seedance_script),
"create",
]Review the separate seedance.py dependency before use and run the skill only in project directories where generated files and command execution are acceptable.
A malformed or instruction-like story input could affect the sub-agent's structured output, which then guides image/video generation.
The documented unstructured-input workflow uses a spawned sub-agent to parse raw story input into JSON. This is purpose-aligned, but it means user content is handed to another agent workflow and its output influences later generation stages.
# 用 sessions_spawn 执行后,拿到结构化 JSON,再喂给 prepare
Review the sub-agent-produced JSON and the checkpoint artifacts before confirming each stage.
Project directories will retain story content, prompts, generated metadata, provider URLs, and confirmation state.
The skill stores stage checkpoints and generated artifacts for resume/review. This persistence is disclosed and supports the staged workflow, but the saved artifacts can be reused across later stages.
每阶段执行后写入 `checkpoint-{stage}.json`,默认 `confirmed=false`Store project outputs in an appropriate location and delete project directories when the artifacts are no longer needed.