Skills
skills/evolinkai/seedance2-video-gen-skill-for-openclaw/seedance-2-video-gen/Gen Agent Trust Hub

seedance-2-video-gen

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill performs its stated function of generating videos via the vendor's API.
  • [COMMAND_EXECUTION]: The skill uses a bash script (scripts/seedance-gen.sh) to interact with the EvoLink API. This script correctly utilizes jq to construct JSON payloads, preventing potential shell injection vulnerabilities when handling user-provided prompts.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.evolink.ai, which is the official endpoint for the EvoLink service described in the skill's documentation. This is consistent with its primary purpose.
  • [CREDENTIALS_UNSAFE]: The skill manages credentials using the EVOLINK_API_KEY environment variable. The installer script (bin/cli.js) offers to add this key to shell configuration files (e.g., .bashrc, .zshrc) only after explicit user consent, which is a standard setup pattern for developer tools.
  • [DATA_EXFILTRATION]: Data transmission is limited to sending user prompts and media URLs to the vendor's API for processing. There is no evidence of unauthorized sensitive file access or data exfiltration.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 01:36 PM
Security Audit — agent-trust-hub — seedance-2-video-gen