ClawHub

B站视频转录与总结(yt-dlp版)

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated Bilibili transcription purpose, but it needs review because it can send video audio to SiliconFlow and uses a shell command built from user-provided URLs.

Install only if you are comfortable with Bilibili audio being sent to SiliconFlow for transcription when subtitles are unavailable. Avoid using it on private or sensitive videos, and prefer a version that requires explicit ASR consent and replaces the execSync shell string with safe spawned arguments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that it will call SiliconFlow ASR when an API key is present, but it does not clearly warn that audio/content derived from the user's Bilibili video will be transmitted to an external third-party service for processing. This creates a privacy and data-handling risk because users may provide links containing sensitive, copyrighted, or private content without realizing the content leaves the local environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The metadata/description says the skill supports QQbot automatic pushing of results, but it does not clearly warn users that summaries or transcripts may be sent outward to another channel or service. This can expose potentially sensitive transcripts, summaries, or metadata to unintended recipients or external systems if auto-push is enabled without explicit user awareness.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads full audio content to SiliconFlow for transcription, but the call site provides no explicit runtime notice, consent check, or data-handling warning before sending potentially sensitive user content to a third party. In a skill that processes arbitrary user-provided video links and may run automatically for QQbot push workflows, this creates a real privacy and data-governance risk even though it is part of the intended functionality.

External Transmission

Medium
Category
Data Exfiltration
Content
form.append("file", new Blob([buffer], { type: ext }), `audio.${filePath.endsWith(".m4a") ? "m4a" : "mp3"}`);
  form.append("model", model);

  const response = await fetch("https://api.siliconflow.cn/v1/audio/transcriptions", {
    method: "POST",
    headers: { Authorization: `Bearer ${apiKey}` },
    body: form,
Confidence
95% confidence
Finding
fetch("https://api.siliconflow.cn/v1/audio/transcriptions", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
form.append("file", new Blob([buffer], { type: ext }), `audio.${filePath.endsWith(".m4a") ? "m4a" : "mp3"}`);
  form.append("model", model);

  const response = await fetch("https://api.siliconflow.cn/v1/audio/transcriptions", {
    method: "POST",
    headers: { Authorization: `Bearer ${apiKey}` },
    body: form,
Confidence
95% confidence
Finding
https://api.siliconflow.cn/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal