Skill v1.0.0

ClawScan security

Check the latest videos and updates of Bilibili UPs (uploaders) and see if they have updated today · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 1:10 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior matches its stated purpose (checking Bilibili UP updates) and it only talks to Bilibili APIs, but it requires a sensitive Bilibili cookie while the registry metadata does not declare that requirement. You should understand that inconsistency before installing.
Guidance
This skill appears to do what it says (query Bilibili APIs for UP updates) and only communicates with Bilibili endpoints, but it requires your BILIBILI_COOKIES (session cookie) to work. Before installing or running it:

- Be cautious with session cookies: providing SESSDATA or full cookies gives code the ability to act as your account. Only supply cookies if you trust the code and maintainer. Consider using a disposable account or a cookie that has minimal privileges.
- The registry metadata did NOT declare the required BILIBILI_COOKIES env var; ask the publisher to add it to the manifest so permission requests are transparent.
- Inspect the included Python files locally (they are present in the package). Confirm the scripts only call api.bilibili.com / bilibili.com (they do) and do not post data to other hosts.
- Expect a user_cache.json file to be created next to the scripts; it contains cached username→mid entries. If you do not want an on-disk cache, run the scripts in a disposable directory or remove the cache-writing calls.
- Run the tool in an isolated environment (virtualenv or container) and avoid uploading your real account cookie to remote or shared environments.

If the publisher updates the registry metadata to declare BILIBILI_COOKIES explicitly and you validate the code locally, the remaining risks are normal for a tool that needs a site cookie.

Review Dimensions

Purpose & Capability
note: The code and SKILL.md implement exactly what the name/description promise: searching users, listing videos/dynamics, and checking whether an UP has updated today via Bilibili APIs. Requiring BILIBILI_COOKIES (to access certain API endpoints) is reasonable for this purpose. However, the registry metadata (requires.env) lists no required environment variables even though SKILL.md and the README instruct the user to set BILIBILI_COOKIES. That mismatch is an inconsistency: the skill will fail or ask for secrets that the registry does not declare.
Instruction Scope
ok: The SKILL.md instructs the agent/user to pip-install requirements and set BILIBILI_COOKIES, and then to run the included Python scripts. Runtime instructions do not ask the agent to read unrelated system files or exfiltrate data; the code only reads/writes a local cache (user_cache.json) and calls Bilibili API endpoints. SKILL.md also explicitly tells agents not to attempt alternative bypasses when rate-limited.
Install Mechanism
ok: There is no automated install spec; this is an instruction-only skill that ships Python source files and a requirements.txt. The only dependency is requests (installed via pip as instructed). No remote binaries, URL downloads, or archive extraction are used, so install risk is low.
Credentials
concern: The skill requires a Bilibili cookie (sensitive session credentials) to access some APIs, which is proportionate to the task. The problem is that the registry metadata does not declare any required environment variables (primaryEnv none / requires.env none) while SKILL.md and README instruct the user to set BILIBILI_COOKIES. That omission is a transparency/security concern: the skill asks for and expects a secret that the registry listing did not surface. No other unrelated credentials are requested.
Persistence & Privilege
ok: The skill does not request permanent platform privileges (always:false). It writes a local cache file (user_cache.json) into the skill folder, which is normal for caching search results; .gitignore deliberately excludes that file. The code does not modify other skills or system-wide agent settings.
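A pre-install check in the spirit of the guidance and the Credentials finding above: walk the package's Python files, collect the hosts named in URL literals and the environment variables the code reads, and diff them against the hosts you expect and the manifest's requires.env. This is an added example, not ClawHub's scanner and not the skill's own code. The two sample files, the BILI_DEBUG variable name and the host allowlist are constructed for the example. A literal scan like this cannot see URLs or variable names assembled at runtime, so a clean result narrows the manual review rather than replacing it.

```python
"""Audit a skill package's Python sources: hosts in URL literals and env vars
read, compared with the registry manifest and an allowlist of expected hosts.
Added example; not ClawHub's scanner or the skill's real code."""
import ast
import re
from typing import Dict, Optional, Set
from urllib.parse import urlparse

# Constructed stand-ins modelled on what the review describes (Bilibili API
# calls, BILIBILI_COOKIES, a local cache). Not the skill's real source;
# BILI_DEBUG is a made-up variable name for the example.
SAMPLE_FILES: Dict[str, str] = {
    "bili_api.py": '''
import os, requests
COOKIES = os.environ["BILIBILI_COOKIES"]
SEARCH = "https://api.bilibili.com/x/web-interface/search/type"
CACHE = "user_cache.json"
def search(name):
    return requests.get(SEARCH, params={"keyword": name},
                        headers={"Cookie": COOKIES}).json()
''',
    "helpers.py": '''
import os
DEBUG = os.getenv("BILI_DEBUG", "0")
HOME = "https://www.bilibili.com/"
''',
}

# The review says the listing's requires.env declared nothing.
DECLARED_ENV: Set[str] = set()
ALLOWED_HOSTS: Set[str] = {"api.bilibili.com", "www.bilibili.com", "bilibili.com"}

_URL_RE = re.compile(r"^https?://", re.IGNORECASE)


def _is_os_attr(node: ast.AST, attr: str) -> bool:
    """True for the expression `os.<attr>`."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def _env_name(node: ast.AST) -> Optional[str]:
    """Variable name for os.environ["X"], os.environ.get("X") or os.getenv("X")
    when the key is a string literal; None otherwise."""
    if isinstance(node, ast.Subscript) and _is_os_attr(node.value, "environ"):
        key = node.slice
        if not isinstance(key, ast.Constant):   # Python 3.8 wraps it in ast.Index
            key = getattr(key, "value", key)
        if isinstance(key, ast.Constant) and isinstance(key.value, str):
            return key.value
    if isinstance(node, ast.Call) and node.args:
        func = node.func
        is_environ_get = (isinstance(func, ast.Attribute) and func.attr == "get"
                          and _is_os_attr(func.value, "environ"))
        if _is_os_attr(func, "getenv") or is_environ_get:
            arg = node.args[0]
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                return arg.value
    return None


def audit_source(files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Walk each file's AST; return the URL hosts and env var names found."""
    hosts: Set[str] = set()
    env: Set[str] = set()
    for filename, source in files.items():
        for node in ast.walk(ast.parse(source, filename=filename)):
            if (isinstance(node, ast.Constant) and isinstance(node.value, str)
                    and _URL_RE.match(node.value)):
                host = urlparse(node.value).hostname
                if host:
                    hosts.add(host.lower())
            else:
                name = _env_name(node)
                if name:
                    env.add(name)
    return {"hosts": hosts, "env": env}


def findings(files: Dict[str, str], declared_env: Set[str],
             allowed_hosts: Set[str]) -> Dict[str, Set[str]]:
    """Differences that should hold up an install until the publisher explains them."""
    found = audit_source(files)
    return {
        "unexpected_hosts": found["hosts"] - allowed_hosts,
        "undeclared_env": found["env"] - declared_env,
        "declared_unused_env": declared_env - found["env"],
    }


if __name__ == "__main__":
    report = findings(SAMPLE_FILES, DECLARED_ENV, ALLOWED_HOSTS)
    for key, values in report.items():
        print(f"{key}: {sorted(values) or 'none'}")
    print("verdict:", "suspicious" if any(report.values()) else "consistent")
```

Run against the real package by reading each .py file into the dict in place of SAMPLE_FILES and pasting the listing's requires.env into DECLARED_ENV. On the sample above the hosts all fall inside the allowlist but BILIBILI_COOKIES shows up as undeclared, which is exactly the mismatch the scanner flagged; once the publisher declares it, the same run comes back clean.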