ClawHub

Dark Ritual Transform Video Gen Seedance2.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeryAI video-generation skill, but users should verify the model and avoid sending sensitive material to the external API.

Install only if you trust this package with a WeryAI API key. Before approving a run, confirm the JSON uses model SEEDANCE_2_0, review the full prompt and any image URL, and do not submit secrets, private URLs, personal data, or confidential assets unless you are comfortable sending them to WeryAI and potentially spending credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The documentation explicitly states that the CLI does not enforce per-skill model restrictions and accepts any model key supplied by the caller. That creates a policy bypass: a skill advertised as Seedance 2.0-only can be used with unrelated WeryAI models, undermining safety, quality, and governance constraints defined in the skill manifest.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The file is packaged with a skill marketed as Seedance 2.0-oriented, yet it documents a generic video CLI with no technical restriction to that model family. This mismatch can mislead integrators into believing the limitation is enforced when in fact it is only advisory, increasing the chance of unauthorized or out-of-policy model usage.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill metadata claims it is restricted to Seedance 2.0-style dark-ritual transformation, but the implementation accepts any caller-provided model and exposes a model enumeration command. This breaks the declared security and capability boundary, enabling users or downstream agents to invoke unintended models and broader video-generation behavior than the skill advertises.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The file is presented as a narrowly scoped gothic scene transformation skill, but the code implements a general-purpose WeryAI video CLI with text, image, multi-image, status, and model-registry operations. This mismatch is dangerous because policy engines, reviewers, or agents may grant it permissions based on the benign/narrow description while the code can perform much broader actions.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The implicit trigger prompt is broad enough that normal user requests about gothic, candlelit, moody, or mystery-style video edits could activate the skill without an explicit invocation. This can cause unintended skill routing, making behavior less predictable and potentially overriding user intent or invoking a specialized transformation in contexts where it was not clearly requested.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation instructs users to send prompts and public image URLs to external WeryAI API hosts but does not clearly warn that user content is being transmitted to third-party services. In a media-generation context, prompts and referenced images may contain sensitive, proprietary, or personal data, so the absence of a privacy/data-sharing notice can lead to unintended disclosure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal