Back to skill

Security audit

Seedance Video Generation — CellCog

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward CellCog video-generation skill that requires an API key and uses an external service to create videos from user prompts.

Install this only if you trust CellCog and are comfortable sending video prompts, scripts, descriptions, and any attached media needed for generation to that service. Avoid submitting secrets, regulated data, or confidential business material unless your organization has approved that use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to install CellCog, authenticate, and provide an API key, while describing prompt-driven video generation that necessarily sends user prompts and possibly attached content to an external service. Without a clear disclosure that prompts, scripts, media, and other task data may leave the local environment and be processed by third parties, users may unknowingly expose sensitive or proprietary information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.