Skill v1.0.0

ClawScan security

Bilibili Transcriber · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 22, 2026, 2:40 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill largely does what it claims (download Bilibili audio, use local faster-whisper or cloud Paraformer to transcribe, then summarize), but there are notable inconsistencies and privacy/credential risks you should understand before installing.
Guidance
This skill appears to implement the described Bilibili -> transcription -> summary flow, but take these precautions before installing:

- Credential caution: The cloud path requires DASHSCOPE_API_KEY (Paraformer). The code will also accept OPENAI_API_KEY and send it as a Bearer token to dashscope.aliyuncs.com. Do not set your OpenAI key as a convenience fallback unless you understand that it will be sent to a third party.
- Privacy: Using cloud transcribe uploads your audio to dashscope.aliyuncs.com / OSS temporary storage. If the audio contains sensitive information, prefer the local faster-whisper path.
- Model downloads and mirrors: The skill sets the HF endpoint to a mirror and can download models via ModelScope/snapshot_download. Only proceed if you trust those hosts (hf-mirror.com / ModelScope / the model owners listed). Consider running in an isolated environment if you are concerned.
- Registry mismatch: The registry metadata did not declare required environment variables, but the code and SKILL.md do. Treat the skill as requiring optional cloud credentials and verify any env vars before exporting them.
- Operational safety: The skill runs network I/O (calls Bilibili APIs, downloads audio, posts to Paraformer, downloads models). Review the included Python files yourself or run the skill in a sandbox/VM if you have limited trust.

If you only want local transcription, do not set DASHSCOPE_API_KEY / OPENAI_API_KEY and ensure faster-whisper, yt-dlp and ffmpeg are installed locally; the skill will then fall back to offline transcription.

Review Dimensions

Purpose & Capability
note: Name/description match the code: modules implement Bilibili metadata fetch, subtitle fetching, audio download, local faster-whisper transcription, and an optional cloud Paraformer flow. The presence of model download logic, model selection heuristics, and yt-dlp/ffmpeg usage is coherent for the described goal.
Instruction Scope
ok: SKILL.md and the Python modules consistently instruct: check for Bilibili (B站) CC subtitles first, otherwise download audio (yt_dlp), optionally convert with ffmpeg, transcribe locally or upload to cloud Paraformer, then produce a Markdown summary. The instructions reference environment variables (DASHSCOPE_API_KEY, OPENAI_API_KEY) and recommend pip installs; these actions stay within the stated purpose (they do network I/O, file I/O, and model downloads, which are expected for transcription).
Install Mechanism
note: There is no formal install spec in the registry (instruction-only), but included code performs model downloads at runtime (ModelScope/snapshot_download and setting the HF mirror), uses pip-installable packages (faster-whisper, yt-dlp, dashscope), and expects ffmpeg to be installed separately. Runtime model downloads from third-party mirrors (hf-mirror.com / ModelScope) are common for large models but increase the trust surface (you should trust those hosts).
Credentials
concern: Registry metadata lists no required env vars, but both SKILL.md and cloud_transcriber.py require/expect DASHSCOPE_API_KEY or OPENAI_API_KEY for cloud Paraformer. The code will accept OPENAI_API_KEY as a fallback and send it as a Bearer token to dashscope.aliyuncs.com; this can cause accidental leakage of an OpenAI key to a third-party service if the user sets that variable. The skill also uploads audio (potentially sensitive) to an external cloud when cloud mode is used; that is functionally coherent but has privacy implications that are not surfaced in the registry metadata.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated system-wide privileges. It does cache models in the user's home cache directory (~/.cache/modelscope) and keeps model instances in memory while running (normal for a transcriber). No code modifies other skills or global agent settings.