Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Seedance Prompt Library

v1.0.2

Search, rewrite, and generate Seedance 2.0 video prompts with cinematic variants and bilingual output. Seedance prompt search / rewrite / generation.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description, included reference files, and the search helper script all align with a prompt library for Seedance prompts. The helper script fetches README files from the stated upstream repo, which is coherent with the skill's stated purpose.
Instruction Scope (flagged)
SKILL.md stays focused on searching, rewriting, and generating prompts, and limits output sizes. However, it explicitly instructs to 'keep any required license handling at the repository level, not in the normal user-facing output flow.' The included references/source-attribution.md states the upstream is CC BY 4.0 and requires attribution. Encouraging omission of attribution from user-facing outputs is a legal/consistency problem and could cause downstream license violations (or produce outputs that omit required attribution).
Install Mechanism
No install spec and only a small helper script are included. There are no downloads, extracted archives, or external installers — minimal on-disk impact and low install risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The helper script fetches content from GitHub raw URLs, which is appropriate for searching a public repository and proportionate to the stated function.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modify other skills. It does not request special privileges or access to other agents' configurations.
What to consider before installing
This skill appears to do what it says (search and generate Seedance prompts) and contains only a small helper script that fetches the upstream README files. However, the upstream material is marked CC BY 4.0 (attribution required) and the SKILL.md suggests keeping license handling out of normal user-facing outputs — that is inconsistent and could lead to redistributing prompts without the required attribution. Before installing or using the skill:

1) Decide whether you will include attribution in user-visible outputs or otherwise comply with CC BY 4.0 (e.g., include a short attribution line or link in generated prompt packs or a repository README).
2) Audit any outputs you plan to redistribute to ensure they are not verbatim copyrighted prompts that require attribution or that exceed reasonable reuse under the license.
3) If you will run the included script in an environment with network access, be aware it fetches raw files from GitHub (expected for searching) — confirm that network access and remote fetches are acceptable in your environment.
4) If you want to be conservative, update SKILL.md/response templates to include a visible attribution note when upstream examples are used.

Overall the implementation is low-risk technically, but the license-handling guidance is the main red flag and should be corrected before wide deployment.

Like a lobster shell, security has layers — review code before you run it.

latest vk975q62p4px3g4qxaa3njw1tvs8418eh
