Skill v1.0.1

VirusTotal security

For long videos, automatically split the video task, using the last frame of the previous video as the first frame of the current video to maintain video continuity

External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 14, 2026, 10:06 AM
Hash
ec9432bd701c8e230ec3747641a70855c9bceb03cfdd0b9b6bf8df3db7a8f6e9
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: seedance-2-0-video-generation
Version: 1.0.1

The skill bundle provides a CLI tool (`seedance.py`) and instructions (`SKILL.md`) for generating videos via the Volcengine Ark API. A shell injection vulnerability exists in `seedance.py` within the `cmd_wait_logic` function, where a `task_id` returned from the remote API is used to construct a file path that is passed directly to `os.system` on macOS. If the API were compromised or malicious, it could return a crafted task ID to execute arbitrary commands. While the code lacks evidence of intentional malice and includes helpful safety instructions for the agent (e.g., requiring user confirmation for long-video generation), the lack of input sanitization on API-provided data constitutes a high-risk vulnerability.