Epic Cinematic Transform Video Gen Seedance2.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid WeryAI video-generation skill with a real model-scoping caution but no hidden, destructive, or deceptive behavior found.

Install only if you trust the publisher with a WeryAI API key. Before confirming a run, check that the request uses model SEEDANCE_2_0, review the full expanded prompt and any image URL, and remember that rerunning generation can consume additional paid credits.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 84% confidence
Finding: The skill claims to be locked to SEEDANCE_2_0 and trailer-style generation, but the content itself admits the bundled script does not enforce that restriction in code and can interact with model-listing and broader video-generation functionality. This mismatch is dangerous because agents or users may trust the narrow documented scope while the underlying script can perform broader paid network actions or invoke unintended models/features, weakening policy enforcement and cost/control boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal