中文 EN

Scan Report

Scan New Files

This report was generated in Chinese. Some content may be in Chinese.
Trusted — Risk Score 5/100
Last scan:4 hr ago Rescan
5 /100
seedance-2-0
字节跳动 Seedance 2.0 AI 视频生成技能,支持文生图、文生视频,提供申请指南和快速生成封装
合法的字节跳动 Seedance 2.0 API 调用封装工具,代码行为与文档声明完全一致,无恶意操作
Skill Nameseedance-2-0
Duration46.0s
Enginepi
ClawHub seedance2.0 v1.0.1 by airoyi
📥 12
ClawHub Verdict Suspicious env_credential_accessllm_suspicious
Safe to install
可安全使用

Findings 1 items

Severity Finding Location
Low
文件系统写入权限未声明 Priv Escalation
SKILL.md 仅声明读取环境变量配置,但代码实际使用 fs.writeFileSync 将生成的视频写入本地磁盘
fs.writeFileSync(options.outputPath, videoBuffer);
→ 建议在 SKILL.md 文档中明确声明 '下载结果' 功能涉及文件系统写入权限
 seedance2.0.ts:167
ResourceDeclaredInferredStatusEvidence
Environment READ READ ✓ Aligned seedance2.0.ts:55-62 getApiConfig() 读取 ARK_API_KEY 和 ARK_BASE_URL
Network READ WRITE ✓ Aligned seedance2.0.ts:139-148 调用火山引擎 API 生成视频,POST 请求携带 API Key
Filesystem NONE WRITE ✗ Violation seedance2.0.ts:167-172 fs.writeFileSync(options.outputPath, videoBuffer) 写入视频文件
3 findings
🔗
Medium External URL 外部 URL
https://partner.volcengine.com/partners/auth/confirm?inviteToken=Z804VS6L0OUHUALB0UA450PEUPSJ4TYN4LA4JPO6F652OBSUUKI94FY...
README.md:96
🔗
Medium External URL 外部 URL
https://ark.cn-beijing.volces.com/api/v3
SKILL.md:56
🔗
Medium External URL 外部 URL
https://fcndvyb6ssj0.feishu.cn/wiki/Y5gMwATc1i6A3BkpDGZc84axn4b
seedance2.0.ts:248

File Tree

4 files · 16.8 KB · 533 lines
TypeScript 1f · 327L Markdown 2f · 184L JSON 1f · 22L
├─ 📋 package.json JSON 22L · 586 B
├─ 📝 README.md Markdown 101L · 3.3 KB
├─ 📜 seedance2.0.ts TypeScript 327L · 10.3 KB
└─ 📝 SKILL.md Markdown 83L · 2.6 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
dotenv ^16.4.5 npm No 环境变量加载库,合法用途,无安全风险

Security Positives

✓ 代码结构清晰,TypeScript 类型定义完整
✓ 功能与文档声明完全一致,无阴影功能
✓ API 调用逻辑正常,仅向火山引擎官方 API 发送请求
✓ 依赖简单,仅使用 dotenv 加载环境变量,无可疑第三方依赖
✓ 无 shell 执行、无凭证外传、无代码混淆