Seedance Video

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Seedance video-generation helper, but users should know it sends prompts and images to Volcengine Ark and may auto-open downloaded videos on macOS.

Install only if you are comfortable using a paid Volcengine Ark/Seedance API key and sending prompts, image URLs, or local images to that provider for processing. Avoid confidential or regulated media unless that sharing is intended, confirm task IDs before delete/cancel operations, and consider disabling or avoiding the macOS auto-open behavior after downloads.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration

Findings (12)

os.system() or os exec-family call

High

Category: Dangerous Code Execution
Content: # Open on macOS if sys.platform == "darwin": os.system(f'open "{filepath}"') except Exception as e: print(f"Download failed: {e}", file=sys.stderr)
Confidence: 95% confidence
Finding: os.system(f'open "{filepath}"')

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill instructs the agent to use environment variables, networked API calls, and shell execution, but it does not declare any permissions or boundaries for those capabilities. This creates a real authorization gap: the runtime may permit powerful actions without clear user visibility or policy enforcement, increasing the risk of unintended command execution, data access, or secret exposure if the skill is invoked unexpectedly or modified later.

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The changelog documents a Feishu video sending workflow, including message tool usage, API upload, distribution, and authentication details, which materially expands the skill from video generation into message delivery and cross-system exfiltration. In an agent setting, this capability can enable generated content or local files to be transmitted to external chats, increasing the risk of unintended data disclosure and out-of-scope actions.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: Documenting Feishu API upload and message distribution introduces a secondary capability not justified by the stated Seedance-only purpose. Even though this file is a changelog, exposing operational steps and required tokens normalizes using the skill for outbound communication, which can be abused for data exfiltration or unauthorized content posting when combined with agent tool access.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: Automatically opening a downloaded file is not required to generate or download a video and introduces an unnecessary local side effect. This can surprise users, trigger execution of associated applications, and increase exposure if a malicious or unexpected file is retrieved from the remote URL.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation phrases are broad enough to match many ordinary requests such as 'generate a video' or 'make a video,' which can cause the skill to trigger in situations where the user did not specifically intend to invoke this external API-backed workflow. Because the skill can access shell, network, and environment-backed credentials, accidental activation is more dangerous here than in a purely informational skill.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The examples send prompts to a third-party API using an authenticated request, but the reference does not warn users that their text inputs are transmitted off-device to a remote service. In a skill that may be used with sensitive creative prompts or internal data, this omission can cause accidental data disclosure through normal use.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The local image example base64-encodes a file and uses it in the API payload, but it does not explicitly say that the file contents are still being uploaded to the remote provider. Users may incorrectly assume base64 is a local-only transformation and unknowingly transmit sensitive images off-device.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The delete/cancel example performs a destructive remote action, but the document does not warn that it may permanently cancel or remove remote generation tasks. This can lead to unintended loss of work or interruption of billable jobs if copied blindly.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The tool opens the downloaded video automatically on macOS without explicit prior consent. That behavior is unexpected for a CLI and increases risk by causing local application launch and processing of remote content immediately after download.

External Transmission

Medium

Category: Data Exfiltration
Content: # Seedance curl API 参考 > 完整 curl 命令参考。日常使用推荐 Python CLI（`{baseDir}/seedance.py`），此文件仅供调试或 CLI 不可用时参考。
Confidence: 93% confidence
Finding: curl API 参考 > 完整 curl 命令参考。日常使用推荐 Python CLI（`{baseDir}/seedance.py`），此文件仅供调试或 CLI 不可用时参考。 ## Base URL ``` https://ark.cn-beijing.volces.com/api/v3 ``` ## 创建任务 ### Mode A: 文生视频 ```bash TASK_RESU

External Transmission

Medium

Category: Data Exfiltration
Content: **URL 图片：** ```bash curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \ -H "Content-Type: application/json" -H "Authorization: Bearer $ARK_API_KEY" \ -d '{ "model": "doubao-seedance-1-5-pro-251215",
Confidence: 95% confidence
Finding: curl -s -X POST "https://ark.cn-beijing.volces.com/api/v3/contents/generations/tasks" \ -H "Content-Type: application/json" -H "Authorization: Bearer $ARK_API_KEY" \ -d

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal