ClawHub

seedance2.0开源版

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward Seedance video-generation skill, with the main risks being expected API use, paid generation, and local video downloads.

Install only if you are comfortable sending video prompts and generation settings to redfox.hk/Seedance and potentially spending RedFox credits. Prefer REDFOX_API_KEY as an environment variable, avoid putting secrets in shell history or plaintext files, and change the output directory or use --no-download if you do not want generated videos saved under ~/Downloads/QoderVideos.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README describes invocation in very broad natural-language terms ('Simply describe the video scene you want') and includes generic examples, but it does not define tight trigger conditions or boundaries for when this skill should be selected. In an agent environment, that can cause over-invocation on loosely related user requests, leading to unintended external API calls, unnecessary spending, and disclosure of user prompts or sensitive context to a third-party video service.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README instructs users to invoke the skill with very broad natural-language requests such as generic video-generation phrases, which can cause the skill to trigger on ordinary conversational input unintentionally. In an agent environment, overly broad activation increases the chance of surprise execution, unintended API use, and automatic file downloads without sufficiently explicit user consent.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The README mentions that generated videos are downloaded automatically to ~/Downloads/QoderVideos/, but the warning is not prominent and may be missed by users before execution. Automatic local writes are a security and privacy concern because they can consume disk space, expose sensitive generated content on shared systems, or create artifacts the user did not knowingly authorize.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation description uses broad terms like AI 视频生成器, AI 视频, and text-to-video, which are common everyday phrases and may trigger the skill unintentionally in unrelated contexts. Unintended activation can cause prompts or task data to be sent to an external service without the user meaning to invoke this specific integration.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document explains that user prompts are submitted through redfox.hk to the Seedance backend, but it does not prominently warn users that their prompts, task metadata, and possibly referenced asset URLs will leave the local environment. This creates a privacy and compliance risk, especially if users include sensitive or proprietary content in prompts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The API key guidance recommends passing secrets on the command line and storing them in a plaintext JSON file, but omits warnings that command-line arguments may be exposed through shell history or process listings and that plaintext files may be readable by other local users or backups. This increases the chance of credential disclosure and subsequent unauthorized use of the external API account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal