Seedance Vs Veo

Security checks across malware telemetry and agentic risk

Overview

This skill is a real video-generation integration, but it asks the agent to use a broad third-party Nemo session with uploads, editing, state access, and export actions beyond the simple two-model comparison users may expect.

Review before installing. Use this only if you are comfortable sending prompts and any selected files or URLs to Nemo and possibly downstream video providers. Prefer a dedicated NEMO_TOKEN, avoid confidential prompts or private media, and give explicit instructions for upload, edit, export, credits, or state actions so the agent does not infer them from ambiguous requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill advertises a narrow side-by-side text-to-video comparison, but the instructions expose a much broader capability set including uploads, state inspection, SSE-driven editing, and export workflows. This mismatch is dangerous because users and host platforms may grant trust or permissions based on the claimed scope while the skill can perform materially different operations against remote services and user session data.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The documentation claims prompts are routed to Seedance and Veo-specific providers, but the actual workflow sends data through a generic Nemo backend with sessioned SSE APIs. That discrepancy creates a supply-chain and transparency risk because users cannot accurately tell where prompts are processed, what intermediary can inspect or transform them, or whether the outputs truly come from the claimed models.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
File upload support is not justified by the stated purpose of comparing two text-to-video models from a text prompt. Unnecessary upload capability expands the attack surface and increases the chance of accidental exfiltration of local or remote media to an external service without clear user expectation.

Context-Inappropriate Capability

Medium
Confidence: 83%
Finding
A full export/render workflow is broader than necessary for a skill that claims to simply return two generated MP4s. Extra rendering and polling operations can trigger additional remote processing, subscription checks, and data handling beyond what a user would reasonably expect from a lightweight comparison tool.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill says it sends the exact user prompt unchanged, but elsewhere acknowledges internal rewriting. That inconsistency is security-relevant because prompt rewriting can change user intent, leak hidden instructions into provider requests, or make comparison results untrustworthy while misleading users about what data was actually transmitted.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill description encourages users to submit prompts to external APIs without any explicit privacy or data-sharing notice. Because prompts may contain proprietary creative concepts, sensitive business material, or personal data, silent transmission to third-party services creates avoidable confidentiality risk.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill automatically acquires and uses bearer tokens and session identifiers, including anonymous-token creation, without clear user notice about credential and session handling. This is risky because users may not realize the skill is creating persistent authenticated sessions against a third-party backend, which can affect billing, attribution, and data exposure.

Vague Triggers

Medium
Confidence: 86%
Finding
The catch-all rule routing 'Everything else' to SSE is overly broad and ambiguous. In practice, this can cause unintended remote actions for loosely phrased user messages, increasing the risk of accidental data submission, unexpected edits, or backend operations outside the user's intended request.

VirusTotal

65/65 vendors flagged this skill as clean.
