seedance

Warn

Audited by Socket on Mar 3, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This SKILL.md is an instruction document for a video-generation skill that integrates with Volcengine Seedance. The capabilities it requests (reading an API key from the ARK_API_KEY environment variable, uploading local images, accepting remote image URLs, and downloading generated MP4s) are consistent with its stated purpose. I found no evidence of hidden credential exfiltration, third-party proxying of API calls, download-and-execute patterns, or obfuscated/malicious code in the provided text.

The main security considerations are:

1. The API key is a sensitive credential. It should be supplied only through the environment variable, never hard-coded into the skill, committed alongside it, or echoed into logs and error messages.
2. Local files uploaded to the cloud may expose private content; users should review the privacy implications before pointing the skill at personal images.
3. Accepting arbitrary external image URLs is a server-side request forgery (SSRF) vector if the skill's own scripts fetch them: a user-supplied URL naming loopback, private-range, link-local or cloud-metadata addresses would be fetched from the skill's network position. If the Seedance service fetches the URL instead, the fetch happens from the provider's side, but the skill can still be made to submit attacker-chosen content.

Without the actual script sources that perform the HTTP uploads and downloads, full verification is not possible. The overall likelihood of intentional malicious behavior is low, but moderate operational risk exists from sensitive-file uploads and the required API credential.
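The following is an added example of how considerations (1) and (3) above can be enforced before a remote image is fetched or uploaded. It is not code from the seedance skill or from LobsterAI; it assumes the skill's helper scripts are Python, read ARK_API_KEY from the environment, and fetch user-supplied image URLs themselves. The function names load_api_key and validate_image_url, and the injectable resolver, are this example's own.

```python
"""Input hardening for a Seedance-style image-to-video skill.

Added example, not the skill's own code. Assumes the helper scripts are
Python, read ARK_API_KEY from the environment, and fetch user-supplied
image URLs before uploading them. Function names are hypothetical.
"""
import ipaddress
import os
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}
ENV_VAR = "ARK_API_KEY"


def load_api_key(env=os.environ):
    """Return the API key or fail closed; the value is never placed in the
    error message so it cannot leak into logs or tracebacks."""
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set")
    return key


def _resolve(host):
    """Default resolver: every address the host currently maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_public(addr):
    """True only for globally routable addresses. IPv4-mapped IPv6 literals
    (::ffff:127.0.0.1) are unwrapped so they cannot bypass the check."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global


def validate_image_url(url, resolver=_resolve):
    """Return (ok, reason) for a user-supplied image URL.

    Rejects non-HTTPS schemes, embedded credentials, and any literal or
    resolved address that is loopback, private, link-local (the cloud
    metadata endpoint 169.254.169.254 lives here) or otherwise not
    globally routable. Every resolved address must pass, not just one.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable url"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in url"
    try:
        addrs = [ipaddress.ip_address(host)]  # URL carries a literal IP
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if not _is_public(addr):
            return False, f"{host} maps to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs; the fake resolver keeps the run offline.
    for u in ("https://cdn.example.com/cat.png",
              "https://169.254.169.254/latest/meta-data/",
              "https://[::ffff:127.0.0.1]/x.png"):
        print(u, validate_image_url(u, resolver=lambda h: ["8.8.8.8"]))
```

Checking the URL once is necessary but not sufficient: the name can be re-pointed at an internal address between validation and fetch (DNS rebinding), and an HTTP redirect can bounce the request to an internal host. The fetching code should connect to the address it validated, disable automatic redirects, and re-run the check on each redirect target. If the Seedance API fetches the URL rather than the skill, the SSRF exposure moves to the provider, but the same check still keeps an operator from being tricked into submitting attacker-chosen targets.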

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At
Mar 3, 2026, 08:37 AM
Package URL
pkg:socket/skills-sh/netease-youdao%2Flobsterai%2Fseedance%2F@4647830dcdad4f5369ed957dd5b3006355f1b057