ClawHub

bilibili-upload

v1.0.0

Upload videos to Bilibili (哔哩哔哩). Supports automatic login, title, description, tags, and partition selection.

0· 533·1 current·1 all-time
byzorro@izorro
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: upload.py builds and runs a 'biliup upload' command. Minor inconsistency: registry metadata lists no required binaries, but the runtime depends on the 'biliup' command (SKILL.md instructs pip install biliup). This is expected for an instruction-only skill but should be documented in metadata.
Instruction Scope
SKILL.md instructs the user to install and run 'biliup login' interactively to scan a QR code; the included script only validates the video path, sets local UTF-8 settings on Windows, and invokes 'biliup'. The instructions do not ask the agent to read unrelated files or exfiltrate data.
Install Mechanism
There is no install spec (instruction-only). SKILL.md says 'biliup' will be installed automatically on first use, but upload.py does not perform installation itself — installation relies on the environment or user running 'pip install biliup'. No downloads or obscure URLs are present in the skill files.
Credentials
The skill declares no required environment variables or credentials. It sets PYTHONIOENCODING in-process on Windows to avoid Unicode issues. Authentication is handled by 'biliup' via an interactive QR login which stores cookies locally; that is proportionate to the upload purpose.
Persistence & Privilege
The skill does not request 'always' privilege and does not modify other skills or system-wide agent settings. Persistent state (login cookies) is created/managed by 'biliup' and is normal for an uploader.
Assessment
This skill appears to simply call the third-party 'biliup' uploader to upload local video files. Before using it: (1) ensure you trust the 'biliup' package from PyPI and consider auditing its source or installing it yourself (pip install biliup) rather than relying on an automatic installer; (2) be aware authentication is via an interactive QR code and 'biliup' will save login cookies locally (inspect where those cookies live if you care about token storage); (3) the skill invokes a subprocess ('biliup'), so the security depends on that external tool — run in a sandbox or isolated environment if you have concerns; (4) the SKILL.md claims automatic install but the provided script does not perform pip installation, so ensure 'biliup' is present on PATH before running.

Like a lobster shell, security has layers — review code before you run it.

latestvk974m0t1y1hpv09zac8t4qbn2982ppx2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments