Bilibili Video Summary

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it fetches Bilibili video text and community data, runs local tools when needed, and saves outputs locally.

Install only if you are comfortable running local Python, yt-dlp, and optional whisper.cpp. Confirm the input is a Bilibili video before running it, use trusted whisper binaries/models, avoid sensitive shared output directories, and delete bili-output files when you no longer need stored transcripts or comment data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print(f"🎤 Transcribing with whisper.cpp...", file=sys.stderr)

    result = subprocess.run(cmd, capture_output=True, text=False)

    txt_output = str(Path(wav_path).with_suffix(".wav.txt"))
Confidence
78% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=False)

Tainted flow: 'cmd' from os.environ.get (line 366, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
    print(f"🎤 Transcribing with whisper.cpp...", file=sys.stderr)

    result = subprocess.run(cmd, capture_output=True, text=False)

    txt_output = str(Path(wav_path).with_suffix(".wav.txt"))
Confidence
92% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=False)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to invoke a Python script, access environment variables, read and write local files, use network access to Bilibili APIs and yt-dlp, and execute shell commands, yet no permissions are explicitly declared. This creates a trust and review gap: operators may approve or route the skill without understanding that it performs network retrieval and disk writes, increasing the chance of unintended data access or execution in overly privileged environments.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad phrases such as 'video content', 'video summary', and 'extract video text', which can match ordinary requests unrelated to Bilibili. In an agent environment, that can cause accidental activation of a skill that performs network fetches, transcription, and file writes when the user did not intend to invoke this specific tool.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow says it will fetch comments and danmaku and save transcript and JSON outputs under ./bili-output/, but the skill description does not clearly warn users up front that public community data will be collected and multiple files will be written to disk. This lack of transparency can lead to privacy, compliance, and operational surprises, especially in shared or sensitive environments where persistent local artifacts are undesirable.

VirusTotal

65/65 vendors flagged this skill as clean.
