ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

追剧/追番技能, 支持投屏到电视

用于追剧/追番的技能,为AI提供搜索影视播放地址的能力,并支持在小米电视上直接播放。当用户想搜索影视、动漫、短剧、综艺等节目信息或更新进度时使用此技能。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
4 · 1.2k · 2 current installs · 2 all-time installs
byAlone@al-one
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (search streaming sources and cast to TVs) aligns with the runtime commands (mcporter/uvx calls and mitv/tvbox play commands). However the registry metadata does not declare the optional environment variables (MITV_LOCAL_IP, MITV_LIST_CFG, TVBOX_LOCAL_IP, TVBOX_LIST_CFG) that the SKILL.md explicitly requires for casting — this is an inconsistency the author should have declared.
!
Instruction Scope
SKILL.md tells the agent to run npx -y mcporter ... 'uvx mcp-vods' which will fetch and execute code from npm at runtime, and to send media URLs to local device IPs (Xiaomi / Android TV). That means the agent will: (a) download/execute code from the network each run, and (b) communicate with local network devices using addresses supplied via env vars. The instructions also reference env vars not present in the registry metadata.
!
Install Mechanism
There is no install spec; instead the skill relies on npx -y to fetch and execute mcporter/mcp-vods on demand. Using npx implies transient downloading and running of remote packages from the npm registry each time — this is higher risk than pure instruction-only behavior because arbitrary code will be executed at runtime.
!
Credentials
Registry declares no required env vars, but SKILL.md expects MITV_LOCAL_IP / MITV_LIST_CFG and TVBOX_LOCAL_IP / TVBOX_LIST_CFG to enable casting. The skill accesses env vars that are not declared in the metadata (a mismatch). Those env vars control local network targets (TV IPs) — sensitive in that they enable contacting devices on the user's LAN.
Persistence & Privilege
always:false and no install-time persistence or modification of other skills is requested. The skill does not request permanent/system-level privileges in the metadata.
What to consider before installing
This skill appears to do what it says (search streaming sources and cast to TVs) but there are a few risks and inconsistencies you should weigh: 1) Runtime code-fetch: the SKILL.md uses `npx -y mcporter` which will download and execute packages from npm each time the skill runs — only install/use this if you trust the mcporter/mcp-vods packages and their upstream authors. 2) Undeclared env vars: the doc requires MITV_LOCAL_IP / MITV_LIST_CFG and TVBOX_LOCAL_IP / TVBOX_LIST_CFG to perform casting, but those are not declared in the skill metadata; the author should add them so you can review and control what gets provided. 3) Local network access: casting requires contacting devices on your LAN using the provided IPs — avoid exposing sensitive devices and consider using a test network if unsure. 4) No code is packaged in the skill itself, so you should inspect the referenced GitHub repo and the npm packages (mcporter, uvx, mcp-vods) before using. If you decide to proceed: verify package provenance (npm author, GitHub repo contents), run in an isolated environment or container first, and only provide TV IPs you control.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk97es4m4k2gsr6qk0ryqnrynth80yx5m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📺 Clawdis
Binsnpx, uvx

SKILL.md

追剧/追番技能

通过npx -y mcporter连接mcp-vods在多个源站中搜索影视、动漫、短剧、综艺等节目信息或更新进度。 并支持通过配置可选的电视IP环境变量,实现投屏到电视上播放。

搜索工具

该工具需要在多个源站搜索,比较耗时,需要更多的超时时间,如果遇到超时,可以重新尝试。

  • npx -y mcporter call --stdio 'uvx mcp-vods' vods_search keyword="影视名称"
  • npx -y mcporter call --stdio 'uvx mcp-vods' vods_search keyword="影视名称" page=2

小米电视投屏工具

  • 需要配置环境变量MITV_LOCAL_IPMITV_LIST_CFG才能使用此工具。
  • npx -y mcporter call --stdio 'uvx mcp-vods' mitv_play_media url="影视URL" addr="小米电视IP"

安卓电视投屏工具

  • 需要配置环境变量TVBOX_LOCAL_IPTVBOX_LIST_CFG并在电视上安装TvBox才能使用此工具。
  • npx -y mcporter call --stdio 'uvx mcp-vods' tvbox_play_media url="影视URL" addr="安卓电视IP"

获取工具列表

  • npx -y mcporter list --stdio 'uvx mcp-vods' --schema --all-parameters

为了更好的兼容性,执行命令时使用npx -y mcporter替代mcporter

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…