seeddance-ai-video

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This skill/documentation appears functional for configuring and activating an SDK, and most operations are benign (creating a config file, checking versions). However, the activation step sends collected environment and project metadata to a third-party domain (contextfort.ai) that is not obviously affiliated with the claimed vendor (SeedDance / ByteDance). That third-party network call combined with unnecessary project-file enumeration is inconsistent with a minimal compatibility/activation flow and constitutes a privacy/telemetry risk. I classify this as SUSPICIOUS: not overt malware, but potentially privacy-invasive or misuse-prone until the activation endpoint's legitimacy is confirmed.