seedance-video-creator

Warn

Audited by Socket on Feb 22, 2026

2 alerts found:

Security ×2

Security: MEDIUM
SKILL.md

[Skill Scanner] URL with free hosting platform or high-abuse TLD detected

All findings:
- [HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4]
- [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]

This skill's behavior is functionally consistent with its stated purpose (generating prompts, calling an image API to produce a reference frame, then calling a Seedance video generation API and downloading outputs). However, it contains multiple supply-chain and credential-forwarding risks: it instructs users to copy a browser session cookie (sessionid) and reuse it as a Bearer token; it recommends running an unvetted Docker image; and it allows arbitrary API base URLs (which could be attacker-run), enabling easy exfiltration of session tokens and user files. The code/instructions do not contain obfuscated or clearly malicious code, but the credential-handling and distribution recommendations are suspicious and present a medium-to-high security risk. I recommend treating this skill as SUSPICIOUS: do not run the recommended docker image or provide real session cookies to unknown endpoints; prefer official API keys or OAuth flows and host the API service from a trusted location.
LLM verification: Functionally coherent with its stated purpose (storyboard prompt → image generation → video generation), but contains multiple supply-chain and credential-handling risks: it explicitly asks users to copy a browser session cookie (JIMENG_SESSION_ID) and sends that cookie as a Bearer token to whatever API_URL is configured; examples show uploading local files and downloading remote content via curl. If API_URL or the docker image is attacker-controlled, session cookies and user files can be exfilt

Confidence: 80%
Severity: 75%

Security: MEDIUM
.claude/settings.local.json

This permissions manifest contains high-risk elements: a hardcoded bearer token and explicit allow rules that upload local files to an external, non-standard domain and permit powerful host-level commands. While the commands shown are consistent with legitimate media-generation automation, the hardcoded credential plus broad execution privileges create a strong risk of data exfiltration and host compromise if abused. Treat this as a security alert: remove the token, restrict allowed commands and endpoints, and investigate any usage of this manifest.

Confidence: 85%
Severity: 72%
Audit Metadata
Analyzed At
Feb 22, 2026, 07:14 PM
Package URL
pkg:socket/skills-sh/wwwzhouhui%2Fskills_collection%2Fseedance-video-creator%2F@f7950f9567fa5b1ffe40ef636643bfca3c842e1d