seedance2-skill

Security checks across malware telemetry and agentic risk

Overview

This Seedance video helper is coherent, but it gives the agent insufficiently scoped authority to upload local files or media to a third-party API using your API key.

Install only if you are comfortable with selected prompts and media being sent to Volcengine Ark. Use a scoped API key, keep it out of chats and logs, require confirmation before API generation or downloads, avoid broad automatic activation, and do not allow the agent to pass arbitrary local paths such as SSH keys, browser profiles, credentials, or private documents as media inputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
                    print(f"Saved to: {filepath}")

                    if sys.platform == "darwin":
                        os.system(f'open "{filepath}"')
                except Exception as e:
                    print(f"Download failed: {e}", file=sys.stderr)
Confidence
91% confidence
Finding
os.system(f'open "{filepath}"')

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README describes broad automatic trigger phrases such as "Seedance", "video generation", and "AI video" for loading the skill. In agent platforms that auto-activate skills based on keyword matching, this can cause unintended invocation, exposing user prompts, files, or workflow context to the skill without clear user intent.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README instructs users to set an API key and documents webhook callbacks, but does not warn about secret handling, callback endpoint trust, or outbound transmission of prompts and media. This creates a realistic risk of credential leakage or unexpected data exfiltration when users copy the examples into shared shells, logs, or untrusted environments.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README states the skill will auto-load on broad keywords like “即梦”, “Seedance”, and “视频生成”, which can overlap with ordinary user conversation. In an agent environment, overly broad triggers can cause unintended skill activation, leading to unexpected external API use or execution of creative workflows without clear user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The instructions tell users to set ARK_API_KEY but do not warn that it is a sensitive secret that must not be exposed in prompts, logs, screenshots, or committed files. In agent/tooling contexts, missing credential-handling guidance increases the chance of accidental leakage through conversation history or repository contents.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README says loading the skill gives the agent API-calling capability, but it does not disclose that user-supplied prompts, images, audio, or video may be transmitted to a third-party service. This can create privacy and data-governance risk because users may not realize their content leaves the local agent environment.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The manifest description includes a long list of broad trigger phrases such as generic terms for video generation and ads, which can cause the skill to activate in contexts beyond the user's clear intent. Over-broad invocation increases the chance the skill intercepts unrelated conversations and applies its own instructions or tool usage unexpectedly.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill imposes a hard requirement that all final prompts must be in Chinese regardless of the user's language or consent. This can override user preferences, reduce transparency, and create unsafe or misleading transformations when the user expects output in another language or wants exact prompt control.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes very broad terms such as '视频生成', 'AI视频', and '运镜', which can match many ordinary user requests unrelated to this skill. That increases the chance of accidental invocation, causing the agent to enter this workflow unexpectedly and potentially perform searches, image analysis, or API-generation guidance without the user explicitly selecting the skill.

VirusTotal

64/64 vendors flagged this skill as clean.
