Skill v1.0.2

VirusTotal security

Seedance Video · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
Apr 30, 2026, 6:36 AM
Hash
6ac7267be44e9ca9d0b63e3a9d10c40565847e050d92fcb49c4a7334829be436
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: seedance-video-gen
Version: 1.0.2

The skill bundle contains a potential shell injection vulnerability in 'seedance.py' within the 'cmd_wait_logic' function, where 'os.system' is used to open a file using a 'task_id' retrieved directly from a remote API response without sanitization. While the script's behavior of reading local images and using the 'ARK_API_KEY' aligns with its stated purpose of video generation via the Volcengine Ark API (ark.cn-beijing.volces.com), the use of unsafe shell execution on external data is a significant security flaw.