ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Seedance Video

即梦 Seedance 文生视频:豆包 Seedance 系列模型,content 数组格式。Use when: 用户指定 doubao-seedance 模型与多段文本/媒体内容。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 93 · 0 current installs · 0 all-time installs
bytianshu@wangshengli0421
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe Seedance text->video tasks. The skill only requires TS_TOKEN (primary credential) and AIZNT_PROXY_URLS (proxy endpoints) which are exactly what a proxying client would need. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the CLI instruct the agent to POST task bodies and poll task status. The CLI supports --body and --body-file; using --body-file will read an arbitrary local file and send its JSON content to the configured proxy endpoint. That is expected for a submission client but creates a potential exfiltration risk if misused or combined with untrusted URLs.
Install Mechanism
No install spec; the skill is instruction + small Node scripts (no dependencies). Nothing is downloaded from external URLs and nothing will be written to disk by an installer.
Credentials
Only AIZNT_PROXY_URLS and TS_TOKEN are required. Both are directly used by the code: AIZNT_PROXY_URLS supplies the endpoint templates and TS_TOKEN is sent as a Bearer token. No other secrets are requested.
Persistence & Privilege
Skill is not always:true and does not request elevated platform privileges or modify other skills. It can be invoked autonomously (normal default) but has no special persistence or cross-skill configuration changes.
Assessment
This skill is internally consistent for calling a Seedance proxy, but treat the TS_TOKEN as sensitive and only configure AIZNT_PROXY_URLS with endpoints you trust. Before installing or running: (1) verify the AIZNT_PROXY_URLS values point to the official/proxied service you expect (they must include the listed keys and the {task_id} placeholder for fetch); (2) avoid using --body-file with paths that contain secrets or private data, since the CLI will read and POST file contents to the configured URLs; (3) if you must audit, review the two scripts (client.js and seedance.js) — they are short and only perform HTTP calls and optional file reads; (4) ensure your environment stores TS_TOKEN securely and do not paste it into untrusted interfaces.
scripts/client.js:3
Environment variable access combined with network send.
!
scripts/seedance.js:48
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9752wpqpvr8ek7g5fqrct158583bqkeseedancevk9752wpqpvr8ek7g5fqrct158583bqketianshuvk9752wpqpvr8ek7g5fqrct158583bqkevideovk9752wpqpvr8ek7g5fqrct158583bqke

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAIZNT_PROXY_URLS
Primary envTS_TOKEN

SKILL.md

Seedance 视频 (aiznt-seedance)

本技能封装 即梦 Seedance 异步视频管线:向 seedance_content_generation_tasks 提交包含 modelcontent 数组的请求体,再用 seedance_content_generation_tasks_fetch 轮询任务状态。认证与天树其它代理技能相同,使用 Bearer TS_TOKEN

前置条件

  • TsClaw Skills 中已为本技能配置 TS_TOKENAIZNT_PROXY_URLS(推荐一键「同步天树凭证」)。
  • AIZNT_PROXY_URLS 解析后须包含:
键名说明
seedance_content_generation_tasksPOST 创建任务
seedance_content_generation_tasks_fetchGET 查询;URL 模板中 {task_id} 由脚本替换

请求体形状(概要)

上游通常要求:

  • model:如 doubao-seedance-1-0-pro-250528(以你环境可用模型名为准)。
  • content:对象数组,元素含 type(如 text)与 text 等字段;具体嵌套规则以火山 / 豆包当前文档为准。

示例(仅作结构参考):

node scripts/seedance.js submit --body '{
  "model": "doubao-seedance-1-0-pro-250528",
  "content": [
    { "type": "text", "text": "A person walking through neon-lit alley, cinematic" }
  ]
}'

提交成功后,从响应中取出任务标识,再执行:

node scripts/seedance.js fetch --task-id <任务ID>

轮询建议

视频生成耗时较长,fetch 可能在多秒内返回 processing 类状态;由调用方(或 Agent)按间隔重复 fetch,直到成功、失败或超时。

故障排查

  • URL 未替换占位符:确认 seedance_content_generation_tasks_fetch 的值含字面量 {task_id},且与脚本中 expandUrl 一致。
  • 业务 code 非 0client.js 会将网关包装的错误信息抛出,请根据 message 调整模型名或配额。

文件说明

  • scripts/seedance.js:CLI(submit / fetch)。
  • scripts/client.js:读取环境变量、拼 URL、Authorization 头、JSON 解析。

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…