ClawHub

bilibili-subtitle-analysis

Security checks across malware telemetry and agentic risk

Overview

This skill has a plausible subtitle-download purpose, but it asks users to hand over Bilibili browser cookies and runs external downloader code through unsafe shell commands.

Review carefully before installing. Do not paste full Bilibili browser cookies into chat or logs; use a disposable account/session if you must test it. Run it only in a constrained environment, set an explicit trusted biliSub path, and inspect or pin the external biliSub code before allowing downloads or ASR processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The README explicitly instructs users to extract browser cookies from bilibili.com and send them to the agent/system ('复制发给openclaw'). Session cookies are authentication secrets; disclosing them to a third party can enable account hijacking, impersonation, and access beyond the narrow need of subtitle retrieval. In this skill context, requesting full account cookies is disproportionate to the feature and materially increases risk.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill probes a wide set of filesystem locations including the user's home, Documents, Downloads, and environment-derived paths to locate an external biliSub project. That exceeds the minimum access needed for a subtitle tool and can reveal the presence of local directories or enable execution of an attacker-planted script from an unintended location, increasing the attack surface.

Missing User Warnings

High
Confidence
98% confidence
Finding
The instructions tell users to copy and send Bilibili cookies without any privacy, retention, or credential-handling warning. This normalizes unsafe secret-sharing behavior and can lead users to expose long-lived authentication material to logs, operators, or downstream services, creating immediate account-compromise risk.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger conditions are broad: any request to download Bilibili subtitles, analyze subtitle content, or generate reports could activate the skill without clear scoping or confirmation. In an agent environment, overly broad activation can cause unintended tool use, unexpected network access, or processing of user-provided URLs/files that the user did not intend to hand over automatically.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description advertises subtitle download, batch download, ASR, and proxy support but does not clearly warn that these operations perform network requests and may transmit data to external services or through user-configured proxies. That omission reduces informed consent and can lead to unintended data exposure, especially when batch processing multiple URLs or using external ASR-related dependencies.

Ssd 3

High
Confidence
99% confidence
Finding
These lines instruct the operator to open browser developer tools, locate bilibili.com cookies, and provide them to another system. That is a direct request for disclosure of sensitive authentication data, which can be replayed to access the user's account and potentially evade normal password/MFA protections while the session remains valid.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal