Bilibili AI Subtitle

Security checks across malware telemetry and agentic risk

Overview

This subtitle downloader is mostly aligned with its purpose, but it automatically uses local browser login cookies without a clear opt-in warning.

Install only if you are comfortable with this skill using your logged-in Bilibili browser session through yt-dlp. Prefer running it without browser cookies for public videos, or use a separate browser profile/account if member-only access is needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest says this skill downloads AI subtitles, but the script additionally transforms them into a new summary/transcript document with extracted text and preview content. That broader data-processing behavior increases exposure of retrieved content, creates extra artifacts on disk, and can surprise users who expected only subtitle download behavior.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script probes local Chromium and Windows Edge profiles and passes those browser stores to yt-dlp via --cookies-from-browser. Accessing browser-authenticated session data is significantly broader than simple subtitle downloading and can expose account-bound content or sensitive browsing credentials if abused.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup text says the script will automatically detect and use available cookies for member-only videos, but it does not present this as a clear security/privacy warning or require explicit consent at usage time. Because browser cookies can grant authenticated access, silent or under-disclosed reuse of them can expose account-scoped data and lead users to run the skill without understanding that local credential stores will be accessed.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script accesses browser cookies without disclosing that behavior in help text or obtaining explicit consent. Hidden access to local browser session stores is risky because users may unknowingly grant the tool authenticated access to private resources and sensitive local data.

VirusTotal

62/62 vendors flagged this skill as clean.
