Bilibili Helper

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly generates Bilibili content, but its bundled draft tool can read or write outside its intended draft folder if given path-like draft names.

This appears to be a local content-template helper rather than a Bilibili account automation tool. The main thing to check before installing is the draft feature: avoid using path-like draft names, and be aware that drafts and some topics are saved locally under a bilibili-helper data directory.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or user passes an unsafe draft name, the helper could overwrite or display local Markdown files outside its own draft area.

Why it was flagged

The draft name is embedded directly into a file path without rejecting slashes or resolving the path back under the drafts directory. A name containing ../ could escape the intended drafts folder and read or write other .md paths accessible to the user.

Skill content

save) cat > "$DATA_DIR/drafts/${2:?}.md"; ... show) [ -f "$DATA_DIR/drafts/${2:?}.md" ] && cat "$DATA_DIR/drafts/$2.md"

Recommendation

Restrict draft names to safe basenames, reject path separators and .. components, and verify the resolved path stays inside the drafts directory before reading or writing.

What this means

Video topics, drafts, or private planning notes may remain on disk after using the helper.

Why it was flagged

The script creates a persistent local data directory, stores drafts, and logs some command topics to history.log.

Skill content

DATA_DIR="${BILI_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/bilibili-helper}"
mkdir -p "$DATA_DIR/drafts"
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }

Recommendation

Use the draft feature only for content you are comfortable storing locally, and periodically review or delete the bilibili-helper data directory if needed.

What this means

The skill may be harder to verify or run consistently because the documented commands are not backed by a clear install specification.

Why it was flagged

The package nevertheless includes executable bash/Python scripts and SKILL.md documents local CLI commands, so the runtime and install contract are not fully described by the registry metadata.

Skill content

No install spec — this is an instruction-only skill. Required binaries: none.

Recommendation

Before installing or invoking commands, confirm which script is being executed and whether bash/Python are available; maintainers should add an explicit install/runtime declaration.