happynewyear

The script scripts/happynewyear.py contains several high-risk security practices, including hardcoded API keys for Volcengine and ByteDance services and the explicit disabling of SSL certificate verification (ssl.CERT_NONE), which creates a Man-in-the-Middle (MITM) vulnerability. It also implements an aggressive auto-dependency installer using subprocess to run 'pip install'. While these behaviors appear aligned with the stated goal of generating AI-powered New Year videos, the combination of credential exposure and weakened network security constitutes a significant set of vulnerabilities.