seedance-v2

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill is purely informational and provides documentation for using a legitimate external CLI tool.
  • [COMMAND_EXECUTION]: The skill documents the use of the @runcomfy/cli tool to interact with the RunComfy API. The execution patterns use structured JSON input for the --input flag, which mitigates standard shell injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill describes downloading generated media from official *.runcomfy.net and *.runcomfy.com domains. These are trusted service endpoints for the described functionality.
  • [CREDENTIALS_UNSAFE]: The documentation references standard practices for managing API tokens using environment variables (RUNCOMFY_TOKEN) or configuration files (~/.config/runcomfy/token.json). No hardcoded credentials or unsafe exfiltration patterns were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 07:37 AM
Security Audit — agent-trust-hub — seedance-v2