Bilibili Auto Transcript

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for Bilibili transcription, but it automatically uses local browser session cookies and advertises more automation than the included scripts clearly implement.

Install only if you are comfortable letting this skill and yt-dlp access your local browser login cookies for Bilibili. Prefer using a dedicated Bilibili/browser profile or exported cookie file, avoid private favorites unless needed, review the cron setup before enabling it, and expect transcript files to be overwritten for the same video.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill advertises a much broader automated workflow than what the provided behavior apparently implements, including AI summarization, notifications, scheduling, and full auto-transcription. This mismatch can mislead users into granting trust, credentials, or automation privileges under false assumptions, which is a supply-chain transparency and security risk even if it is not directly exploitable code execution.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script automatically enumerates local Chromium and Windows Edge profile paths and passes browser cookies to yt-dlp without explicit opt-in at runtime. Even if intended to access subscriber-only or region-restricted subtitles, this expands the skill's access to authenticated browser state and can expose private session data to a downstream tool unnecessarily.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documented workflow states that TXT outputs are written and overwritten automatically, but the setup instructions do not prominently warn users that local files will be modified during scans. In an automated or scheduled context, silent overwrite behavior can cause unexpected data loss, clobber user edits, or corrupt downstream workflows that rely on those files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script reads cookies from local browser profiles and supplies them to yt-dlp without an explicit warning or consent flow. This creates a privacy and credential-handling risk because authenticated cookies may grant access to the user's account context, and users may not realize the skill is touching browser secrets at all.

External Transmission

Medium
Category
Data Exfiltration
Content
curl -s "https://api.bilibili.com/x/v3/fav/resource/list?media_id=3972051046&ps=20&pn=1"

# Access with cookie (private favorites)
curl -s -b /tmp/cookies.txt "https://api.bilibili.com/x/v3/fav/resource/list?media_id=xxx&ps=20&pn=1"
```

## Cookie extraction (for private favorites / member-only videos)
Confidence
88% confidence
Finding
https://api.bilibili.com/

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
--print title \
  "https://www.bilibili.com/video/BV1rPDkB7ESC/"
```
Confidence
93% confidence
Finding
cookies-from-browser "edge:C:/Users/$WIN_USER/AppData/Local/Microsoft/Edge

VirusTotal

VirusTotal findings are pending for this skill version.
