ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bilibili Player

v1.0.0

B 站视频播放器。用 Playwright 搜索 B 站视频并获取准确链接,然后用 open 命令在当前浏览器打开播放。Use when users request to play Bilibili videos or search for specific content.

0· 763·4 current·4 all-time
byniuyufu@e421083458
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the scripts perform a Bilibili search with Playwright and open the result in the system browser. There are no unrelated environment variables, binaries, or services requested.
Instruction Scope
SKILL.md and the scripts stick to the stated task (search + open). One minor implementation detail: the keyword is interpolated into the search URL without URL-encoding, which can lead to malformed searches for special characters (functional bug, not evidence of exfiltration). The instructions do not read or transmit other system files or credentials.
Install Mechanism
There is no automated install spec (instruction-only). The README notes Playwright must be installed via pip; Playwright also requires downloaded browser binaries (playwright install) which the skill does not automate. This is expected but worth noting: running the script requires the user to install Playwright and the browsers manually.
Credentials
The skill requires no environment variables or secrets and the code does not access credentials or config paths. Network activity is limited to Bilibili search pages and opening resulting links in the user's browser.
Persistence & Privilege
The skill does not request permanent presence (always=false) and does not modify agent/system configurations. It simply runs the provided scripts when invoked.
Assessment
This skill appears coherent and limited to its stated purpose, but before running it: (1) ensure you install Playwright and its browser binaries (pip install playwright && playwright install) on the machine that will run the script; (2) note the scripts are macOS-focused (use xdg-open or start on Linux/Windows); (3) be aware the script will open whatever URL it finds in your default browser—only run it with trusted search terms and review the code if you want to confirm behavior; (4) consider URL-encoding search keywords to avoid malformed searches; (5) run in a user account/environment you control if you have concerns about automated browser activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk979rq6ef604kbqykbtqwzdecx81k97t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments