bilibili-watcher
Security checks across malware telemetry and agentic risk
Overview
This is a coherent Bilibili transcript-fetching skill. The main points to note are that it relies on the external yt-dlp tool and runs a local helper command.
This skill appears safe for its stated purpose. Before installing, make sure you trust the yt-dlp dependency, install it from a reputable source, and use the helper only with intended Bilibili video links.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill runs whatever yt-dlp version is installed on the user's machine.
The skill depends on an external CLI package and suggests installing it from pip without a version pin. This is normal for the stated purpose but means the installed dependency is part of the trust boundary.
"requires":{"bins":["yt-dlp"]},"install":[{"id":"pip","kind":"pip","package":"yt-dlp"
Install yt-dlp from a trusted source, keep it updated, and consider pinning or reviewing the package version in sensitive environments.
When invoked, the skill contacts the video service through yt-dlp and may create subtitle-related output in the working environment.
The helper runs the external yt-dlp command to fetch subtitles. The command execution is central to the skill's purpose and uses a fixed argument list, but users should be aware it is local command execution with network access and subtitle output behavior.
cmd = [
'yt-dlp',
'--skip-download',
'--write-sub',
'--write-auto-sub',
Use it only for intended Bilibili video URLs and run it in a normal user workspace rather than a sensitive directory.
