Back to skill
Skillv1.0.0
VirusTotal security
Seedance Video Generation Extension · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:38 AM
- Hash
- 9f2d76d19b96a4b7e15023e9c5bf4a902778c767a45fac05395cfb94a04a8b46
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: seedance-story-orchestrator Version: 1.0.0 The skill is classified as suspicious primarily due to the `download_video` function in `scripts/orchestrate_story.py`. This function uses `urllib.request.urlretrieve` to download files from URLs provided by the `seedance.py` sub-skill's output. While intended for legitimate video downloads, this capability introduces a vulnerability: if the `seedance.py` dependency or its output were compromised, it could be leveraged to download arbitrary malicious payloads or exfiltrate data to external endpoints. Additionally, `scripts/seedream_image.py` directly accesses the `ARK_API_KEY` environment variable, which is a sensitive capability, though necessary for its stated purpose. There is no clear evidence of intentional malicious behavior such as credential theft or backdoor installation within this skill bundle; rather, these are risky capabilities that could be exploited.
- External report
- View on VirusTotal