Bilibili Digest

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed Bilibili summarization tool that fetches public video data, uses an LLM for summaries, and writes local note files.

Install if you are comfortable with Bilibili content being fetched, cached locally, written into note files, and summarized by the configured LLM. Avoid using it on private notes or sensitive pasted context unless you are comfortable with that content being processed by the model runtime.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill clearly describes network access to Bilibili APIs plus local caching and output writing, yet no permissions are declared. This undermines least-privilege expectations and can cause users or a host platform to approve or run a skill without understanding that it will access the network and write files to disk.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 80%
Finding: The declared description is narrower than the documented behavior: the skill also performs danmaku sentiment analysis, cross-video merging, multiple export flows, and broader URL handling. This can mislead users and reviewers about data processing scope, especially when additional content is analyzed, transformed, and exported beyond simple extraction/summarization.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill states that it calls an external LLM for summarization but does not prominently warn users that extracted Bilibili content may be sent to a third-party model provider. This creates a data disclosure risk because subtitles, descriptions, danmaku, and possibly user-supplied notes could leave the local environment without informed consent.

Missing User Warnings

Low
Confidence: 93%
Finding: The skill documents a 24-hour local cache and output directory behavior but does not clearly warn users that fetched content and generated results are stored on disk. This can expose sensitive research notes or copyrighted/transcribed content to other local users, backups, or endpoint monitoring tools.

VirusTotal

65/65 vendors flagged this skill as clean.
