Bilibili Video Downloader
Warn. Audited by ClawScan on May 18, 2026.
Overview
The skill's behaviour mostly matches what a Bilibili downloader needs, but one helper script interpolates raw command-line arguments into Python source before running it, so a crafted UID or limit value could execute unintended code on the local machine.
Wait for the argument-handling bug to be fixed before using the UP-video-list features, or run the skill only in a sandbox and pass strictly numeric UID and limit values. Prefer the manual download commands, do not run the agent as administrator/root, and protect any Bilibili cookies.txt file.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted UID or count value could make the agent's local environment run unintended commands whenever this script is invoked.
UID and LIMIT come directly from the command-line arguments and are expanded into Python source before execution, so crafted values can break out of the intended string or number context and run arbitrary Python. LIMIT is the more direct target because it is placed outside any quotes (`limit = int($LIMIT)`): a value such as `0); <statement>; (0` yields valid Python once interpolated. UID needs only a double quote to leave its string literal.
UID="${1:-}"; LIMIT="${2:-30}"; ... python3 << EOF ... uid = "$UID" ... limit = int($LIMIT)
Validate UID and LIMIT as numeric values before use, or pass the arguments to Python via argv, the environment, or JSON quoting rather than interpolating them into a here-document.
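The pattern from this finding, reproduced with a harmless payload next to a hardened version. This is an added example, not code from the skill or from ClawScan. It assumes python3 is on PATH; the variable is named UID_ARG rather than UID because bash marks UID read-only, and the payload string and function names are ours.

```shell
#!/usr/bin/env bash
# Added example (not the skill's own code): heredoc interpolation of raw
# arguments into Python source, next to a hardened version that validates the
# values and passes them as argv. Assumes python3 is on PATH.

# Vulnerable pattern: shell variables are expanded into Python source text, so
# whatever the caller passes becomes code. int($LIMIT) sits outside any quotes,
# so closing the call and appending statements is enough to break out.
vulnerable_list() {
  local UID_ARG="${1:-}" LIMIT="${2:-30}"
  python3 <<EOF
uid = "$UID_ARG"
limit = int($LIMIT)
print(f"listing {limit} videos for uid {uid}")
EOF
}

# Allow-list check: non-empty and ASCII digits only. Pure shell, so it can run
# before any interpreter is started.
is_digits() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Hardened version: validate first, then hand the values to Python as argv.
# The quoted 'EOF' delimiter disables shell expansion inside the heredoc, and
# "python3 -" reads the program from stdin while passing the arguments through
# untouched, so they are data, never parsed as code.
safe_list() {
  local uid="${1:-}" limit="${2:-30}"
  if ! is_digits "$uid" || ! is_digits "$limit"; then
    echo "error: UID and LIMIT must be unsigned integers (got '$uid', '$limit')" >&2
    return 2
  fi
  python3 - "$uid" "$limit" <<'EOF'
import sys
uid, limit = sys.argv[1], int(sys.argv[2])
print(f"listing {limit} videos for uid {uid}")
EOF
}

# Demo (constructed payload): a LIMIT value that is still valid Python once it
# has been interpolated. It only prints a marker, nothing destructive.
PAYLOAD='0); print("INJECTED: arbitrary Python ran here"); (0'
if command -v python3 >/dev/null 2>&1; then
  echo "--- vulnerable_list with crafted LIMIT ---"
  vulnerable_list 123456 "$PAYLOAD"
  echo "--- safe_list with the same input ---"
  safe_list 123456 "$PAYLOAD" || echo "rejected with status $?"
  echo "--- safe_list with valid input ---"
  safe_list 123456 30
fi
```

The validation deliberately rejects anything that is not a run of digits, including signs and whitespace; passing through argv is what removes the code-injection path, the digit check is there so that the Python side never sees a value `int()` would reject either.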
Running the check script can modify the user's Python environment and fetch the latest available yt-dlp version.
A script described as a dependency check can install an unpinned package from the Python package ecosystem when yt-dlp is missing.
echo " Installing..."
pip3 install yt-dlp
Install dependencies yourself from trusted sources, preferably in a virtual environment, and pin versions if reproducibility matters.
Anyone with access to the cookies file may be able to use the associated Bilibili session, and the file will be sent to Bilibili through yt-dlp during downloads.
When a cookies.txt file is present, downloads pass it to yt-dlp. This is expected for logged-in or member-only Bilibili downloads, but the file carries the account's session credentials. Note also that the `2>/dev/null || yt-dlp "$url"` fallback discards yt-dlp's error output and retries anonymously on any failure, so a rejected or misconfigured cookies file is hidden rather than reported.
--cookies cookies.txt 2>/dev/null || yt-dlp "$url"
Only create cookies.txt when needed, keep it private, delete it after use if possible, and avoid sharing the skill directory.
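One way to act on this recommendation in the download wrapper itself: only pass cookies.txt to yt-dlp when the file exists and is readable by its owner alone, and fall back to an anonymous download otherwise. This is an added example, not the skill's code; it assumes the cookies file sits next to the script as cookies.txt (as in the quoted snippet) and that the platform's `ls -ld` output follows the POSIX permission-column layout.

```shell
#!/usr/bin/env bash
# Added example (not the skill's own code): gate the yt-dlp --cookies argument
# on the cookies file being private to the current user.

# Group and other permission characters from a POSIX "ls -ld" line (columns 5-10,
# e.g. "r--r--" for mode 644, "------" for mode 600).
group_other_bits() {
  ls -ld "$1" | cut -c5-10
}

# Tighten the file so only the owner can read or write it.
secure_cookies() {
  chmod 600 "$1"
}

# Print the cookies path if it exists and is owner-only; print nothing if it is
# absent (anonymous download is fine); return 1 and print nothing if it exists
# but is readable by group or others, so a loose session file is never sent.
cookie_file() {
  local f="${1:-cookies.txt}"
  [ -f "$f" ] || return 0
  if [ "$(group_other_bits "$f")" != "------" ]; then
    echo "warning: $f is readable by group/others (run chmod 600); not using it" >&2
    return 1
  fi
  printf '%s\n' "$f"
}

# Wrapper around the download step: authenticated only when cookie_file
# approves the file, anonymous otherwise. Not invoked here; it needs yt-dlp.
download() {
  local url="$1" f
  if f=$(cookie_file cookies.txt) && [ -n "$f" ]; then
    yt-dlp --cookies "$f" "$url"
  else
    yt-dlp "$url"
  fi
}
```

The mode check covers the classic permission bits only; a filesystem ACL that grants other users access shows up as a trailing `+` in `ls -l` and is not caught here, so on shared machines check ACLs separately.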
If the agent or another skill misbehaves while elevated, the damage could extend beyond a normal download folder.
The optional permissions guide suggests running the agent with elevated privileges or granting broad write permissions (full control for Everyone on a directory) to enable direct downloads, while also warning about the risks.
Run QClaw as administrator ... icacls ... /grant Everyone:F ... sudo -S command
Prefer the documented manual-download workflow or a dedicated low-privilege download directory; avoid running the agent as administrator/root for this skill.
