Bilibili Video

Security checks across malware telemetry and agentic risk

Overview

This Bilibili transcript tool is useful, but it needs review because it stores and refreshes Bilibili login cookies and can download or save video-derived files.

Install only if you are comfortable with a local skill that contacts Bilibili, saves transcripts or audio files, runs ASR fallback tooling, and stores reusable Bilibili session cookies on disk. Prefer unauthenticated use when possible, avoid pasting raw cookies into chat, and delete the saved cookie file and the /tmp/openclaw/bilibili/ outputs when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill documentation describes capabilities to read and write local files, reach Bilibili over the network, and invoke shell commands, but the skill declares no explicit permissions for any of them. This weakens governance and user awareness, making it easier for a skill with meaningful side effects to run without clear approval boundaries.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases include broad terms such as “B站” (the common Chinese name for Bilibili), “bilibili”, “看这个视频” (“watch this video”), and “视频内容” (“video content”), which appear in ordinary conversation and can activate the skill unintentionally. Because the skill can download audio, access network resources, and write transcripts to disk, an accidental activation has real side effects rather than being a harmless misfire.
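As an added example, not code from the skill or from SkillSpector, the contrast between the keyword-only activation this finding describes and a trigger gated on an explicit video reference. The keyword list and chat lines are constructed, and the URL and ID patterns (bilibili.com/video/BV…, b23.tv short links, bare BV/av identifiers) are assumptions about Bilibili's public link formats, not something taken from the skill:

```python
import re

# Broad keyword triggers of the kind the finding describes (constructed list,
# not the skill's actual trigger configuration).
BROAD_TRIGGERS = ("B站", "bilibili", "看这个视频", "视频内容")

# A concrete video reference: a bilibili.com video URL, a b23.tv short link,
# or a bare BV/av identifier. These patterns are assumptions about Bilibili's
# public link and ID formats, not taken from the skill.
VIDEO_REF = re.compile(
    r"(?:https?://)?(?:www\.|m\.)?bilibili\.com/video/(?:BV[0-9A-Za-z]{10}|av\d+)"
    r"|(?:https?://)?b23\.tv/[0-9A-Za-z]+"
    r"|\bBV[0-9A-Za-z]{10}\b"
    r"|\bav\d+\b"
)


def broad_trigger(message: str) -> bool:
    """Keyword-only activation: fires on chat that merely mentions the site."""
    lowered = message.lower()
    return any(term.lower() in lowered for term in BROAD_TRIGGERS)


def extract_video_ref(message: str):
    """Return the first explicit video reference in the message, or None."""
    match = VIDEO_REF.search(message)
    return match.group(0) if match else None


def decide(message: str) -> tuple:
    """Gate side effects (download, ASR, disk writes) on an explicit reference.

    Returns ("run", ref) when a concrete video reference is present,
    ("ask", None) when only a broad keyword matched, so the agent should ask
    for a link instead of acting, and ("ignore", None) otherwise.
    """
    ref = extract_video_ref(message)
    if ref:
        return ("run", ref)
    if broad_trigger(message):
        return ("ask", None)
    return ("ignore", None)


if __name__ == "__main__":
    # Constructed chat lines, not real user data.
    for line in (
        "昨天在B站看了个番，推荐一下类似的",   # mentions Bilibili, no video
        "视频内容审核规则又改了",              # "video content" in passing
        "帮我看这个视频 https://www.bilibili.com/video/BV1xx411c7mD",
        "summarize https://b23.tv/Ab3Cd9",
        "what is BV1xx411c7mD about",
    ):
        print(decide(line), "<-", line)
```

The point of the three-way result is that a keyword hit without a concrete reference becomes a clarifying question rather than a download; the side effects the finding worries about only happen on the "run" branch.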

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill mentions output paths and audio transcription behavior, but it does not clearly warn users up front that it may download audio files and persist transcript output under /tmp/openclaw/bilibili/. In a skill with fallback logic and external processing, leaving these side effects unstated reduces transparency and exposes users to unexpected storage, privacy, and data-handling risks.

Missing User Warnings

Medium
Confidence: 73%
Finding
The script automatically refreshes Bilibili session cookies and writes the updated credential material back to disk without explicit user confirmation. In an agent or shared-workspace context, silent persistence of refreshed tokens increases the chance of unintended credential retention, misuse by other local processes, or leakage from the workspace.
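As an added example, not the skill's own code, one way to handle a refreshed session so that nothing is written back silently: the refreshed cookies are used in memory for the current run, they reach disk only when the caller opts in, writes are atomic and owner-only, and a cookie file that other local users can read is refused. The cookie-jar layout and the `refresh` callback are hypothetical; the cookie names SESSDATA and bili_jct are Bilibili's real ones, but every value below is a placeholder:

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical cookie-jar handling to illustrate the finding; none of this is
# the skill's own code, and all cookie values are constructed placeholders.


def _require_owner_only(path: Path) -> None:
    """Refuse a cookie file that other local users can read or modify."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} is group/world accessible (mode {mode:o})")


def load_cookies(path: Path) -> dict:
    if not path.exists():
        return {}
    _require_owner_only(path)
    return json.loads(path.read_text(encoding="utf-8"))


def save_cookies(path: Path, cookies: dict) -> None:
    """Owner-only, atomic write: temp file in the same directory, fsync, rename."""
    path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".cookies-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(cookies, f)
            f.flush()
            os.fsync(f.fileno())
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)  # readers never observe a half-written file
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)


def refresh_session(path: Path, refresh, persist_refreshed: bool = False) -> tuple:
    """Refresh cookies for this run; write them back only with explicit opt-in.

    `refresh` stands in for the network round-trip that returns new cookies.
    Returns (cookies_in_use, written_to_disk).
    """
    current = load_cookies(path)
    refreshed = refresh(current)
    if refreshed == current:
        return current, False
    if not persist_refreshed:
        return refreshed, False  # usable in memory, nothing silently persisted
    save_cookies(path, refreshed)
    return refreshed, True


def demo() -> dict:
    """Run the scenario in a scratch directory and report what happened."""
    def fake_refresh(cookies):  # stands in for the real refresh call
        return {**cookies, "SESSDATA": "new-session"}

    with tempfile.TemporaryDirectory() as d:
        jar = Path(d) / "cookies.json"
        save_cookies(jar, {"SESSDATA": "old-session", "bili_jct": "csrf-placeholder"})
        mode_after_save = stat.S_IMODE(jar.stat().st_mode)

        in_use, written = refresh_session(jar, fake_refresh)  # default: no persistence
        on_disk_after_opt_out = load_cookies(jar)["SESSDATA"]

        _, written_opt_in = refresh_session(jar, fake_refresh, persist_refreshed=True)
        on_disk_after_opt_in = load_cookies(jar)["SESSDATA"]

        os.chmod(jar, 0o644)  # simulate a jar left readable by other local users
        try:
            load_cookies(jar)
            rejects_shared = False
        except PermissionError:
            rejects_shared = True

    return {
        "mode_after_save": mode_after_save,
        "in_memory_after_opt_out": in_use["SESSDATA"],
        "written_after_opt_out": written,
        "on_disk_after_opt_out": on_disk_after_opt_out,
        "written_after_opt_in": written_opt_in,
        "on_disk_after_opt_in": on_disk_after_opt_in,
        "rejects_shared_file": rejects_shared,
    }


if __name__ == "__main__":
    print(demo())
```

The opt-in flag is the behavioural change the finding asks for; the permission check and the temp-file-plus-rename are what make the write safe once the user has agreed to it.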

VirusTotal

67/67 vendors reported this skill as clean.
