Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
bilibili-subtitle-analysis
v1.0.3
Bilibili subtitle download and analysis tool, based on the biliSub project. Supports: subtitle download, batch download, content analysis, content analysis reports. Trigger conditions: the user asks to download Bilibili subtitles, analyze subtitle content, or generate a content report.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's claimed purpose (download + analyze Bilibili subtitles) is consistent with the shipped code (index.js runs a Python biliSub script and performs text analysis). However, the README/SKILL.md ask users to extract their Bilibili cookie and '发给openclaw' (send it to openclaw), which is not reflected in the declared requirements (no required env vars) and amounts to an unnecessary external transfer of credentials. The code expects a local biliSub clone and may use cookies implicitly via the underlying Python script, but the instruction to send cookie data externally is disproportionate to the stated purpose.
Instruction Scope
SKILL.md/README instructs cloning biliSub, installing Python deps, and obtaining a Bilibili cookie via browser devtools. README explicitly tells users to '复制发给openclaw' (copy and send the cookie to openclaw), which directs sensitive credentials outside the user's environment. The runtime code (index.js) also scans various filesystem locations for a local 'biliSub' (including HOME, Downloads, Documents and a '.openclaw' path), reads environment variables broadly (process.env), and executes a Python script via child_process.execSync. This behavior goes beyond parsing a single input file and can access the user's filesystem and environment context.
Install Mechanism
There is no formal install spec in the skill manifest, but SKILL.md instructs manual steps: git clone of an external GitHub repo and pip installs (including optional whisper/openai-whisper). Those are common for this kind of tool but require running arbitrary Python code from a third-party repo. No downloads from unknown shorteners are used, but the user is expected to run third-party code (biliSub) locally.
Credentials
The manifest declares no required environment variables or credentials, yet index.js reads and uses multiple env vars if present (BILI_OUTPUT_DIR, BILISUB_PATH, BILI_PYTHON_LIB, BILI_PROXY, BILI_PYTHON). README asks for a Bilibili login cookie and instructs sending it to the platform. Asking for a full login cookie (which can grant account access) and telling users to transmit it externally is a disproportionate and risky requirement for a subtitle downloader/analyzer.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills. However it probes user directories (including a '.openclaw' folder and multiple home/downloads paths) to locate biliSub, which reads system state beyond the immediate working directory. This is not shown as a declared permission and could reveal the presence of files/folders on the host.
What to consider before installing
This skill's core functionality (downloading/analyzing subtitles) appears plausible, but there are red flags you should consider before installing:
- Do NOT share your Bilibili cookie or any login credentials with the skill author or any external service. The README explicitly says to '复制发给openclaw' (copy and send the cookie to openclaw) — that is unnecessary and dangerous. A cookie can allow account access and should remain local.
- The package runs a third-party Python script (biliSub) and asks you to git clone and pip install dependencies. Only do this if you trust the biliSub repo and are comfortable running its code locally.
- The shipped JS probes many filesystem locations (HOME, Downloads, Documents, .openclaw) to find a biliSub copy. If you are concerned about privacy, run the tool in a sandboxed environment or container where it cannot access your personal files.
- Prefer configuring any required cookie or credentials locally (e.g., set them in a local file or environment variable on your machine) rather than sending them to the skill author or platform. Ask the maintainer to provide explicit, local-only configuration instructions (e.g., set BILISUB_COOKIE or place a cookie file in the skill directory) instead of asking you to transmit secrets.
- If you need stronger assurance, review the referenced enhanced_bilisub.py (and any pip-installed packages) before running, or use a throwaway Bilibili account with no personal data.
Given the explicit instruction to externally transmit a login cookie and the code's filesystem probing, treat this skill as suspicious until the author clarifies how credentials are handled and removes any instruction to send cookies off-platform.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
index.js:89: Shell command execution detected (child_process).
