Security audit

SeedanceVideo

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward video-generation guide for Volcengine Seedance that uses an API key and sends prompts or image URLs to that provider, with no hidden code or persistence found.

Install this only if you intend to use Volcengine Ark/Seedance for video generation. Use a dedicated Ark API key where possible, check cost and quota settings, and avoid sending confidential prompts, private images, personal data, or regulated content unless you are comfortable sharing it with that provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The skill instructs users to send prompts, image URLs, and an API key-authenticated request to a third-party service without a clear privacy and data-handling warning. In this context, users may unknowingly transmit sensitive prompts, proprietary images, or regulated data to an external provider, increasing confidentiality and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal