surreal-mutation-transform-video-gen-seedance2-0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeryAI video-generation skill whose main caution is that user-approved local image paths can be uploaded to WeryAI.

Install only if you are comfortable providing a WeryAI API key and sending prompts, public image URLs, or deliberately selected local images to WeryAI. Before confirming any run, verify the model is SEEDANCE_2_0, the paid settings are intended, and no local file path is being uploaded unless you explicitly chose that file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The documentation expands the skill from remote video generation into local file access and upload, allowing the script to read arbitrary local image paths and send their contents to a separate endpoint. In an agent setting, this creates a data-exfiltration risk because users may believe they are only supplying prompts or URLs, while the tool can access local files if given a path.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
Documenting that non-HTTPS inputs are treated as local paths and uploaded to another service is a meaningful capability increase beyond the advertised surreal-video purpose. In practice, an agent or user could unintentionally provide a filesystem path, causing local content to be read and transferred off-host.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The docs first state that public HTTPS URLs are mandatory, then later describe an automatic local-path upload fallback. That contradiction can mislead operators and wrappers into assuming only remote URLs are processed, weakening user consent and safety expectations around local file access.

Vague Triggers

Medium
Confidence: 91%
Finding
The implicit trigger prompt is broad enough that loosely related user requests about surreal or weird vertical clips may activate the skill unintentionally. This can cause inappropriate tool/skill routing, reducing user control and potentially invoking generation behavior in contexts where the user did not explicitly request this specific skill.

VirusTotal

63/63 vendors flagged this skill as clean.
