Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Seedance 2 Prompt Engineering Video Gen

v1.1.2

Design production English prompts for Seedance 2.0 then generate text-to-video or image-to-video on WeryAI (`SEEDANCE_2_0`), using bundled recipes (A–K), mod...

by parallel world (@zoucdr)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description, required binaries (node), and required env (WERYAI_API_KEY) align with a tool that crafts prompts and calls WeryAI video APIs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the bundled resources focus on prompt design and the WeryAI submit flows, and require an explicit pre-submit confirmation before any paid submit. The included script accepts public https image URLs or, if given local file paths, reads the local files and uploads them to api-growth-agent.weryai.com using the WERYAI_API_KEY. Reading and uploading local files is within the declared purpose (image→video) but is a sensitive operation; the skill documents this and asks for explicit consent.
Install Mechanism
No install spec or external download URLs are present (instruction-only packaging + an included script). The code has no remote-install behavior; network calls occur at runtime to WeryAI endpoints only.
Credentials
Only WERYAI_API_KEY is required (declared as primaryEnv), which fits the described API usage. Note: that key grants both generation and upload privileges (the script posts local files to a WeryAI upload endpoint). Treat the key as sensitive and avoid committing it.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request system-wide or other-skills configuration changes. It does not request elevated persistence privileges.
Assessment
This skill appears to do what it says: help author Seedance-style prompts and call WeryAI generation endpoints. Before installing or running it:
(1) Keep your WERYAI_API_KEY secret and do not commit it into the repo.
(2) Review scripts/video_gen.js yourself if you plan to supply local image paths: the script will read local files and upload them to WeryAI using your API key (expected for image→video flows). If you don't want uploads, only pass public https image URLs.
(3) The skill enforces a documented pre-submit gate; ensure the agent actually prompts for explicit confirmation before any paid submit to avoid accidental charges.
(4) Run it in a sandbox or with a short-lived API key for initial testing.
(5) If you want higher assurance, verify the network hosts (api.weryai.com and api-growth-agent.weryai.com) and confirm the prompt/parameters before any paid run.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/video_gen.js:675 - Environment variable access combined with network send.
scripts/video_gen.js:223 - File read combined with network send (possible exfiltration).


latestvk97a1sq7dmdka4wnyydewpjgb983fh4p

Runtime requirements

🎬 Clawdis
Bins: node
Env: WERYAI_API_KEY
Primary env: WERYAI_API_KEY