bilibit
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real Bilibili downloader, but it auto-downloads an executable dependency and includes shell-based command execution that users should review before installing.
Install only if you are comfortable with an npm postinstall step downloading BBDown from GitHub. Prefer verifying or manually installing BBDown yourself, avoid passing cookie files unless needed, and remember that download history is stored locally under ~/.bilibit.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package may place a downloaded executable on the machine; if the release source or download path is compromised, that binary could run with the user's privileges when used.
The installer downloads a third-party BBDown zip, extracts it, and marks the binary executable, with no checksum or signature verification shown.
const curl = spawn('curl', ['-L', '-o', zipPath, downloadUrl], { stdio: 'ignore' }); ... const unzip = spawn('unzip', ['-o', '-q', zipPath, '-d', installDir], { stdio: 'ignore' }); ... fs.chmodSync(installPath, '755');
Verify the BBDown source and checksum before installing, or install BBDown through a trusted package manager and disable/review postinstall behavior.
A crafted argument could be handled by the system shell rather than only by BBDown, increasing command-injection risk if the wrapper is invoked with untrusted input.
The wrapper sends command-line arguments into a shell-enabled child process, which is riskier than spawning the executable directly with shell disabled.
const args = process.argv.slice(2); ... spawnSync(bbdownPath, args, { stdio: 'inherit', shell: true });
Use shell: false for the wrapper and validate or restrict arguments, especially URLs and file paths supplied through an agent.
A cookie file may grant access to the user's Bilibili account session, so it should be treated like a credential.
The tool can pass a user-provided Bilibili cookie file to BBDown for premium content access.
if (options.cookieFile) { args.push('--cookie', options.cookieFile); }
Only provide a cookie file when necessary, use the least-privileged/account-specific cookie possible, and avoid sharing logs or command histories that reveal its path.
Anyone with access to the local account could see the user's Bilibili download history and saved file locations.
The tool persists download history, including URLs, titles, and local paths, in a local file under the user's home directory.
const configDir = path.join(homeDir, '.bilibit'); ... return path.join(configDir, 'history.json'); ... history.unshift(newRecord);
Review or clear ~/.bilibit/history.json if download history is sensitive, and consider adding an option to disable history.
