Check the latest videos and updates of Bilibili ups and see if they have updated today
v1.0.0查看B站UP主的最新视频、动态,检查UP主今天是否更新。触发词:B站、UP主、视频更新、今天更新了吗、最新视频、最新动态、查看UP主
⭐ 0· 1.1k·2 current·2 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code and SKILL.md implement exactly what the name/description promise: searching users, listing videos/dynamics, and checking if an UP updated today via Bilibili APIs. Requiring BILIBILI_COOKIES (to access certain API endpoints) is reasonable for this purpose. However, the registry metadata (requires.env) lists no required environment variables even though SKILL.md and the README instruct the user to set BILIBILI_COOKIES — that mismatch is an inconsistency (the skill will fail or ask for secrets but the registry doesn't declare them).
Instruction Scope
The SKILL.md instructs the agent/user to pip-install requirements and set BILIBILI_COOKIES, and then to run the included Python scripts. Runtime instructions do not ask the agent to read unrelated system files or exfiltrate data; the code only reads/writes a local cache (user_cache.json) and calls Bilibili API endpoints. SKILL.md also explicitly tells agents not to attempt alternative bypasses when rate-limited.
Install Mechanism
There is no automated install spec; this is an instruction-only skill that includes Python source files and a requirements.txt. The only dependency is requests (installed via pip as instructed). No remote binaries, URL downloads, or archive extraction are used — low install risk.
Credentials
The skill requires a Bilibili cookie (sensitive session credentials) to access some APIs, which is proportionate to the task. The problem is that the registry metadata does not declare any required environment variables (primaryEnv none / requires.env none) while SKILL.md and README instruct the user to set BILIBILI_COOKIES. That omission is a transparency/security concern: the skill will ask for/expects a secret that the registry listing did not surface. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request permanent platform privileges (always:false). It writes a local cache file (user_cache.json) into the skill folder — normal for caching search results; .gitignore deliberately excludes that file. The code does not modify other skills or system-wide agent settings.
What to consider before installing
This skill appears to do what it says (query Bilibili APIs for UP updates) and only communicates with Bilibili endpoints, but it requires your BILIBILI_COOKIES (session cookie) to work. Before installing or running it:
- Be cautious with session cookies: providing SESSDATA or full cookies gives code the ability to act as your account. Only supply cookies if you trust the code and maintainer. Consider using a disposable account or a cookie that has minimal privileges.
- The registry metadata did NOT declare the required BILIBILI_COOKIES env var — ask the publisher to add it to the manifest so permission requests are transparent.
- Inspect the included Python files locally (they are present in the package). Confirm the scripts only call api.bilibili.com / bilibili.com (they do) and do not post data to other hosts.
- Expect a user_cache.json file to be created next to the scripts; it contains cached username→mid entries. If you do not want on-disk cache, run the scripts in a disposable directory or remove cache-writing calls.
- Run the tool in an isolated environment (virtualenv or container) and avoid uploading your real account cookie to remote or shared environments.
If the publisher updates the registry metadata to declare BILIBILI_COOKIES explicitly and you validate the code locally, the remaining risks are normal for a tool that needs a site cookie.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
📺 Clawdis
OSmacOS · Linux · Windows
Binspython3
latest
B站UP主查看器
查看B站UP主的最新视频和动态,支持检查UP主今天是否更新。 如果遇到访问太频繁的问题,直接和用户说访问太频繁,不要尝试别的方式。
Setup
1. 安装依赖
pip install -r {baseDir}/requirements.txt
2. 设置环境变量
需要B站Cookies才能访问API。获取方法:登录 bilibili.com → F12 → Network → 复制任意请求的 Cookie 字段。
export BILIBILI_COOKIES="你的B站cookies"
Usage
第一步:获取UP主的 mid
a. 如果用户直接给了 mid(纯数字),直接进入第二步。
b. 如果用户给的是UP主用户名,先从本地缓存查找:
python3 {baseDir}/get_mid.py "用户名"
- 如果输出了 mid 数字,直接使用该 mid 进入第二步。
- 如果输出
NOT_FOUND,则通过搜索获取:
python3 {baseDir}/update_viewer.py --search "用户名" --count 1
从搜索结果中提取 mid 数字,进入第二步。
第二步:根据用户意图执行对应命令
根据用户的问题选择合适的命令:
场景A - 用户问"今天更新了吗"、"有没有新视频"等:
python3 {baseDir}/update_viewer.py --mid {MID} --videos --count 3
运行后,从输出中查看每条视频的「发布」时间,判断是否有今天的日期({今天的日期}),然后告诉用户今天是否有更新。如果有,列出今天更新的视频标题和链接。
场景B - 用户想查看最新视频列表:
python3 {baseDir}/update_viewer.py --mid {MID} --videos
场景C - 用户想查看最新动态:
python3 {baseDir}/update_viewer.py --mid {MID} --dynamics
命令行参数
update_viewer.py
| 参数 | 说明 | 必需 |
|---|---|---|
--mid | UP主的 mid | 与 --search 二选一 |
--search, -s | 根据用户名搜索UP主 | 与 --mid 二选一 |
--videos, -v | 显示最新视频 | 否 |
--dynamics, -d | 显示最新动态 | 否 |
--count, -n | 显示数量(默认3) | 否 |
注意事项
- Cookies 有效期有限,失效后需重新获取
- 请求频率不宜过高,建议间隔 1 秒以上
- 需要设置 BILIBILI_COOKIES 环境变量
Comments
Loading comments...