Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bilibili Transcript

v2.2.0

Transcribe Bilibili videos to text with high accuracy using Whisper medium model. Use when the user provides a Bilibili video URL (BVxxxxx) and wants to: (1)...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the actual script: it downloads subtitles or audio from Bilibili and transcribes with Whisper. However, the registry metadata says no binaries are required, while SKILL.md/README clearly require yt-dlp, whisper, ffmpeg and optionally opencc; the README also lists a different version (2.8.0) than the registry (2.2.0). SKILL.md claims the default output folder is 'workspace/Bilibili transcript/', but the script defaults OUTPUT_DIR to /tmp, so documentation and implementation are inconsistent.
!
Instruction Scope
The runtime script probes local environment: it lists /mnt/c/Users to detect a Windows user and reads browser profile directories (WSL Chromium path and Windows Edge user data) to pass to yt-dlp's --cookies-from-browser. That means the script will attempt to read browser cookies (auth tokens) for member-only content. This is privacy-sensitive but is coherent with the stated goal of accessing member-only AI subtitles; still the script automatically searches for cookie locations without explicit interactive consent beyond 'log in in browser'.
Install Mechanism
No install spec is present (instruction-only plus a shell script). No remote downloads or archive extraction are performed by the skill itself. The script relies on external binaries (yt-dlp, whisper, etc.) already on the host.
!
Credentials
No environment variables or external credentials are declared, which is good, but the script accesses local browser cookie stores via yt-dlp --cookies-from-browser and probes /mnt/c/Users. Those actions grant access to authentication cookies and reveal local usernames/profile paths. This access is proportionate to the stated need (member-only subtitles) but is sensitive and not explicitly reflected in registry 'required config paths' metadata.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges or modify other skills or system-wide configuration. It writes transcript files to an output directory (default /tmp or user-specified).
Scan Findings in Context
[pre-scan-injection-signals] expected: No pre-scan injection signals were detected. The lack of findings is plausible because this is a small shell script and the functionality requires local cookie access and yt-dlp usage, which are normal for this purpose.
What to consider before installing
What you should consider before installing or running this skill:

- The script will attempt to read browser cookies (via yt-dlp --cookies-from-browser) to access member-only AI subtitles. That means local authentication cookies from Chromium/Edge may be read; if you are uncomfortable exposing those cookies to a third-party script, do not run it or run without cookie support.
- The documentation and implementation disagree in a few places: README version (2.8.0) differs from registry (2.2.0); SKILL.md claims a default 'workspace/Bilibili transcript/' folder while the script defaults to /tmp; registry metadata lists no required binaries while the script requires yt-dlp, whisper, possibly ffmpeg and python3. Treat these as signs you should inspect the script before use.
- The script probes the filesystem (e.g., lists /mnt/c/Users) to find Windows profile paths. If you run this on a multi-user or sensitive system, consider running it in a container or VM to avoid leaking local usernames or browser profiles.
- If you trust the author and want full functionality, ensure yt-dlp, whisper and ffmpeg are installed from trusted sources. If you only want non-authenticated transcripts, run the script in no-cookie mode or remove the cookie-detection block.
- If you are unsure, run the script in an isolated environment (container or throwaway VM), or manually step through the script to confirm behavior; the code is short and readable but performs sensitive local file access.

Additional actions that would increase confidence: confirm the authoritative source/homepage and a stable matching version, or have the author update registry metadata to declare required binaries and the intended default output path.

Like a lobster shell, security has layers — review code before you run it.

latestvk973q8ddjg0zm3pv7kenb2jtns832tg2
