Is dexhunter/seedance-prompt-zh safe?

https://github.com/openclaw/skills/tree/main/skills/dexhunter/seedance-prompt-zh

95
SAFE

The seedance-prompt-zh skill is a legitimate, benign Chinese-language guide for writing structured prompts for ByteDance's Seedance 2.0 AI video generation model. The SKILL.md contains no prompt injection directives, no code execution mechanisms, no data exfiltration logic, and no suspicious external references. Canary files were accessed read-only at audit boundary timestamps consistent with the Oathe monitoring framework's own baseline integrity checks, not with skill-originated behavior; the canary integrity system confirmed all honeypot files remain intact.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

INFO Standard persona assignment in skill header -5

The skill opens with a role assignment ('你是 即梦 Seedance 2.0 的专业提示词工程师', in English: "You are a professional prompt engineer for Jimeng Seedance 2.0") which is normal for skill/plugin functionality but does cause the agent to adopt a specialized persona when the skill is active.

INFO Canary files read-opened at audit boundary timestamps -10

Sensitive honeypot files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) were opened in read-only mode twice: once at 10:55:23 (before git clone at 10:55:29) and once at 10:55:40 (after skill analysis completed). Timing and CLOSE_NOWRITE flags strongly indicate these are Oathe framework baseline integrity sweeps, not skill-originated access.

INFO Indirect deepfake/synthetic media facilitation potential -10

The skill provides detailed guidance for generating AI videos including character replacement, face-reference workflows, and video editing instructions. If used with a real Seedance 2.0 integration, it could facilitate synthetic media creation. This is a content-policy concern rather than a direct security threat from the skill itself.

INFO No exfiltration mechanisms detected -2

SKILL.md contains no instructions to read files, access environment variables, or transmit data to external endpoints. The skill is pure text documentation with no programmatic components.