← Back to Skills Marketplace
Seedance Video
by
lovensky1992-wk
· GitHub ↗
· v1.0.2
· MIT-0
422
Downloads
0
Stars
1
Active Installs
7
Versions
Install in OpenClaw
/install seedance-video-gen
Description
使用字节跳动 Seedance 生成 AI 视频:文生视频、图生视频(首帧/首尾帧/参考图)、 异步任务查询。支持 Seedance 2.0(多模态输入、视频续生、视频编辑)等多个模型。 Use when: (1) 用户说"生成视频"/"做个视频"/"AI视频"/"text to video", (2) 用户要求...
Usage Guidance
This skill implements Seedance video generation and the included seedance.py CLI will call ark.cn-beijing.volces.com and requires an ARK_API_KEY. Before installing or enabling it: (1) Confirm the skill metadata is corrected to list ARK_API_KEY as a required env var (and to disclose any optional Feishu tokens if you expect to use that feature). (2) Verify the skill author/owner and source (the package _meta and registry owner differ and README/LICENSE conflict). (3) Review seedance.py yourself — it base64-encodes local images and uploads them to the listed API endpoint and will download generated videos to a local folder (~/Desktop in examples). (4) If you don't trust the source, don't set ARK_API_KEY in environments with sensitive permissions. (5) Ask the publisher to fix metadata, license statement, and disclose any optional integrations (Feishu) before installing. If those items are clarified, the skill looks coherent for its advertised purpose; until then treat it as suspicious.
Capability Analysis
Type: OpenClaw Skill
Name: seedance-video-gen
Version: 1.0.2
The skill bundle contains a potential shell injection vulnerability in 'seedance.py' within the 'cmd_wait_logic' function, where 'os.system' is used to open a file using a 'task_id' retrieved directly from a remote API response without sanitization. While the script's behavior of reading local images and using the 'ARK_API_KEY' aligns with its stated purpose of video generation via the Volcengine Ark API (ark.cn-beijing.volces.com), the use of unsafe shell execution on external data is a significant security flaw.
Capability Tags
Capability Assessment
Purpose & Capability
The SKILL.md and seedance.py clearly require an ARK_API_KEY to call the Volcengine/Ark API (and SKILL.md shows commands that use it). However the registry metadata at the top of the package claims "Required env vars: none" and "Primary credential: none" — that is an incoherence. Other docs (CHANGELOG) also mention optional Feishu integration and an app_access_token, which is not declared in the skill metadata either. Owner/slug/version information in _meta.json and registry metadata differ, and README/LICENSE present conflicting license statements (README says MIT, LICENSE file is Apache-2.0). These mismatches affect provenance and what credentials will actually be needed.
Instruction Scope
SKILL.md instructs the agent to (a) check ARK_API_KEY, (b) run the included seedance.py CLI which uploads text/images (local files may be base64-encoded) to ark.cn-beijing.volces.com, polls task status, and optionally downloads the resulting MP4 to ~/Desktop. Those instructions are consistent with a text/image→video integration and do not instruct reading unrelated system secrets or files beyond the user-supplied media. The CHANGELOG and other docs mention additional flows (Feishu upload) not surfaced in the primary SKILL.md, which may prompt the user or integrator to add more credentials later — that is scope creep in the repository documentation, even if not used by the main CLI.
Install Mechanism
There is no install spec and the skill is instruction-only plus a small Python CLI (seedance.py). Nothing in the package downloads remote code at install time. This is a lower-risk install mechanism; the included Python script will run network calls at runtime, which is expected for this purpose.
Credentials
The runtime requires ARK_API_KEY (seedance.py calls get_api_key and exits if it's missing), but the package metadata omitted declaring this required env var. The CHANGELOG mentions Feishu credentials for an optional video-sending guide (app_access_token), which are also not declared. Requiring ARK_API_KEY is proportionate to the stated purpose, but the metadata omission is misleading and could cause surprise or hidden credential requests later.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings. It runs as a normal, user-invocable skill. It downloads results to a user-specified directory (default examples use ~/Desktop) and executes a macOS 'open' command only when showing results — this is limited in scope.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install seedance-video-gen - After installation, invoke the skill by name or use
/seedance-video-gen - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Weekly sync
v1.0.1
Daily sync
v0.1.3
Daily sync
v0.1.2
Daily sync
v0.1.1
Daily sync
v0.1.0
Daily sync
v1.0.0
Initial release: AI video generation using ByteDance Seedance models
Metadata
Frequently Asked Questions
What is Seedance Video?
使用字节跳动 Seedance 生成 AI 视频:文生视频、图生视频(首帧/首尾帧/参考图)、 异步任务查询。支持 Seedance 2.0(多模态输入、视频续生、视频编辑)等多个模型。 Use when: (1) 用户说"生成视频"/"做个视频"/"AI视频"/"text to video", (2) 用户要求... It is an AI Agent Skill for Claude Code / OpenClaw, with 422 downloads so far.
How do I install Seedance Video?
Run "/install seedance-video-gen" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Seedance Video free?
Yes, Seedance Video is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Seedance Video support?
Seedance Video is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Seedance Video?
It is built and maintained by lovensky1992-wk (@lovensky1992-wk); the current version is v1.0.2.
More Skills