For long videos, automatically split the video task, using the last frame of the previous video as the first frame of the current video to maintain video continuity

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill mostly does what it says, but it includes an unnecessary automatic file-opening step that can invoke the shell on macOS with a user-controlled download path.

Review before installing. Use only prompts and images you are comfortable sending to Volcengine/ByteDance, use a scoped Ark API key where possible, choose a non-sensitive output directory, and avoid unusual download paths on macOS until the auto-open os.system behavior is removed or replaced with a non-shell implementation. VirusTotal was still pending, so this verdict is based on artifact review and scanner context rather than antivirus confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (13)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
```python
    # Open on macOS
    if sys.platform == "darwin":
        os.system(f'open "{filepath}"')
except Exception as e:
    print(f"Download failed: {e}", file=sys.stderr)
```
Confidence
94% confidence
Finding
os.system(f'open "{filepath}"')

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly requires sensitive capabilities—reading an API key from the environment, making network requests to a third-party API, invoking shell/Python commands, and writing downloaded files—yet declares no permissions. This creates a transparency and policy-enforcement gap: an agent or user may authorize the skill without understanding that it can exfiltrate prompts/images and persist outputs locally.

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The documented workflow automatically opens the downloaded video with the local default handler after saving it. Auto-opening local files is beyond the minimum needed to generate/manage a task and can trigger unnecessary local application execution, increasing exposure to malicious media parsing bugs or unsafe file associations.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Automatically opening a downloaded file is outside the core need of creating and tracking video-generation tasks and causes an unexpected local side effect. In an agent or automation context, this can trigger unintended application launches and combines badly with the shell-based implementation, increasing the risk surface.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Local files supplied via --image or --last-frame are base64-encoded and transmitted to a remote API, but the CLI does not clearly warn users that local content will leave the machine. In a skill context handling arbitrary user-provided paths, this can lead to accidental disclosure of sensitive images or documents misnamed with image extensions.

External Transmission

Medium
Category
Data Exfiltration
Content
## Execution (Recommended: Python CLI Tool)

A Python CLI tool is provided at `~/.claude/skills/seedance-2-0-video/seedance.py` for robust execution with proper error handling, automatic retries, and local image base64 conversion. **Prefer using this tool over raw curl commands.**

### Quick Examples with Python CLI
Confidence
97% confidence
Finding
curl commands.** ### Quick Examples with Python CLI ```bash # Text-to-video (create + wait + download) python3 ~/.claude/skills/seedance-2-0-video/seedance.py create \ --prompt "超写实特写:一只橘白色相间的英国短毛

External Transmission

Medium
Category
Data Exfiltration
Content
**With image URL:**
```bash
TASK_RESULT=$(curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ARK_API_KEY" \
  -d '{
```
Confidence
97% confidence
Finding
curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $ARK_API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
IMG_BASE64=$(base64 < "$IMG_PATH" | tr -d '\n')
IMG_DATA_URL="data:image/${IMG_EXT_LOWER};base64,${IMG_BASE64}"

TASK_RESULT=$(curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ARK_API_KEY" \
  -d '{
```
Confidence
98% confidence
Finding
curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $ARK_API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
Requires two images.

```bash
TASK_RESULT=$(curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ARK_API_KEY" \
  -d '{
```
Confidence
97% confidence
Finding
curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $ARK_API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Step 1: Create draft
DRAFT_RESULT=$(curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ARK_API_KEY" \
  -d '{
```
Confidence
95% confidence
Finding
curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $ARK_API_KEY" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
DRAFT_TASK_ID=$(echo "$DRAFT_RESULT" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])")

# Step 2: After draft succeeds, generate final video from draft
FINAL_RESULT=$(curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ARK_API_KEY" \
  -d '{
```
Confidence
93% confidence
Finding
curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $ARK_API_KEY" \ -d

Session Persistence

Medium
Category
Rogue Agent
Content
### Quick Examples with Python CLI

```bash
# Text-to-video (create + wait + download)
python3 ~/.claude/skills/seedance-2-0-video/seedance.py create \
  --prompt "超写实特写:一只橘白色相间的英国短毛小猫,趴在米白色亚麻沙发上,慵懒地对着镜头打了一个大大的哈欠,露出粉色的小舌头和尖尖的乳牙。窗外是柔和的午后自然光,从侧面洒在小猫的绒毛上,毛发根根分明。背景虚化为暖色调的室内环境,有模糊的绿色盆栽。镜头固定,焦点始终在小猫脸上,画面温馨治愈。" \
  --wait --download ~\\.openclaw\\workspace\\files
```
Confidence
90% confidence
Finding
create + wait + download) python3 ~/.claude/skills/seedance-2-0-video/seedance.py create \ --prompt "超写实特写:一只橘白色相间的英国短毛小猫,趴在米白色亚麻沙发上,慵懒地对着镜头打了一个大大的哈欠,露出粉色的小舌头和尖尖的乳牙。窗外是柔和的午后自然光,从侧面洒在小猫的绒毛上,毛发根根分明。背景

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Segment 1
python3 ~/.claude/skills/seedance-2-0-video/seedance.py create \
  --prompt "开场白,展示品牌Logo" \
  --duration 5 --return-last-frame true --wait --download "~\\.openclaw\\workspace\\files\\video"
```
Confidence
92% confidence
Finding
create \ --prompt "开场白,展示品牌Logo" \ --duration 5 --return-last-frame true --wait --download "~\\.openclaw\\workspace\\files\\video" # Extract the last frame (the --download above already saved it automatically; the last-frame command can also be used) python3 ~/.claude/

VirusTotal

63/63 vendors flagged this skill as clean.
