ClawHub

Bilibili & YouTube Watcher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uses yt-dlp to fetch subtitles from user-provided YouTube or Bilibili videos, with no evidence of hidden persistence, exfiltration, or destructive behavior.

Install only if you are comfortable with the agent contacting YouTube or Bilibili through yt-dlp for videos you ask it to analyze. Prefer brew or pip for installing yt-dlp, and avoid using the optional browser-cookie troubleshooting command unless you intentionally want yt-dlp to access your logged-in browser session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises and invokes a Python script that reads local files, performs network access, and shells out to `yt-dlp`, but it does not declare corresponding permissions. This creates a trust and policy gap: the runtime may grant more capability than users or reviewers expect, and a transcript-fetching skill that accepts arbitrary URLs can reach external resources and invoke external binaries without explicit disclosure.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase `analyze video` is broad enough to match many unrelated user requests, causing the skill to activate outside its intended narrow function of fetching transcripts from supported platforms. Over-broad activation can route arbitrary user-provided URLs or content into a networked, shell-capable workflow, increasing the chance of unintended external access or misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal