Back to skill

Security audit

Bilili-downloader

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Bilibili downloader that runs yt-dlp on a user-provided URL and saves media locally, with dependency hygiene caveats.

Install this only if you want an agent to download Bilibili media through yt-dlp. Confirm the URL, format, and batch setting before running it, expect downloaded files in the current working directory, and avoid providing account cookies unless you deliberately need restricted content. Prefer updating the package to pin a current yt-dlp release.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to execute a local Python script from the markdown-defined workflow, which constitutes shell/code execution capability, but no corresponding permissions are declared. That mismatch weakens the platform's trust and containment model because a user-facing skill can trigger command execution without explicit disclosure or gating, increasing the risk of unintended command use or abuse if inputs are not tightly constrained.

Unpinned Dependencies

Low
Category
Supply Chain
Content
yt-dlp>=2023.01.01
Confidence
93% confidence
Finding
yt-dlp>=2023.01.01

Known Vulnerable Dependency: yt-dlp==2023.01.01 — 10 advisory(ies): CVE-2023-46121 (yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection); CVE-2023-40581 ( yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`); GHSA-69qj-pvh9-c5wg (yt-dlp: Arbitrary command injection possible if --exec option used with yt-dlp) +7 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
yt-dlp==2023.01.01

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.