Bilibili Video Summary

Advisory

Audited by Static analysis on May 8, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill runs local code and helper tools such as yt-dlp and whisper-cli on the user's machine.

Why it was flagged

The skill instructs the agent to run a local Python script, which is expected for extracting and transcribing video content.

Skill content

python bili-transcript.py "<video_url>"

Recommendation

Use trusted copies of the script and dependencies, and run it only for videos you intend to process locally.

What this means

Dependency behavior may vary depending on what versions are installed, and external binaries/models should come from trusted sources.

Why it was flagged

The Python dependencies use lower-bound version ranges rather than pinned versions, and the README also expects a separately downloaded whisper.cpp binary/model.

Skill content

yt-dlp>=2024.0
av>=10.0.0

Recommendation

Install dependencies from trusted package indexes, consider pinning versions, and download whisper.cpp/model files only from reputable releases.

What this means

If the user configures yt-dlp or the environment with authenticated Bilibili access, the tool may process restricted account-accessible content.

Why it was flagged

The documentation acknowledges that some Bilibili content may require login, although the artifacts do not show explicit credential collection or token handling.

Skill content

Some content requires login (paid courses, restricted videos) — may fail

Recommendation

Avoid exposing browser cookies or authenticated profiles unless necessary, and understand what account-accessible content the tool may fetch.

What this means

Transcript and comment data remains on disk after the run and may include public usernames, comments, or restricted-video content if authenticated access is used.

Why it was flagged

The skill stores retrieved video transcripts and community content locally for the agent to read and summarize.

Skill content

Output files are saved to `./bili-output/`: `transcript.txt`, `danmaku.json`, `comments.json`

Recommendation

Delete output files when no longer needed, and treat transcript/comment text as untrusted content to summarize rather than instructions to follow.