Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BibiGPT Skill

v1.0.0

BibiGPT CLI for summarizing videos, audio, and podcasts directly in the terminal. Use when the user wants to summarize a URL (YouTube, Bilibili, podcast, etc...

by JimmyLv_吕立青 (@jimmylv)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
SKILL.md and scripts/bibi-check.sh clearly expect the 'bibi' CLI (and indirectly the desktop app) or an environment variable BIBI_API_TOKEN to be present. However the registry metadata lists no required binaries, no required env vars, and no primary credential. That metadata omission is inconsistent with the documented purpose and should be clarified.
Instruction Scope (flagged)
The runtime instructions tell the agent to run 'bibi' commands (summarize, auth, check-update, self-update). The docs also say the CLI will read a saved login session from the desktop app, which implies the agent (via the CLI) may access local app settings or token files. That is plausible for a CLI that authenticates, but the skill instructions do not say where those session files live, and the registry metadata does not declare access to local config paths. The instructions also include 'self-update', which downloads and installs new code; that capability raises the risk if the download source is unverified.
Install Mechanism
There is no install spec in the skill package (instruction-only), and the only included script merely checks for the 'bibi' binary. No downloads or extract/install steps are embedded in the skill itself. The SKILL.md points users to Homebrew/winget or the vendor site to install the desktop/CLI, which is typical for a wrapper/integration skill.
Credentials (flagged)
The SKILL.md explicitly documents the optional/alternative BIBI_API_TOKEN environment variable and refers to reading the desktop app's saved session; both can expose sensitive credentials. Those environment/config needs are reasonable for a client of a remote API, but they are not declared in the skill metadata, a proportionality mismatch. Users should assume the agent (via the CLI) can read tokens stored in environment variables or in local app config.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide agent settings. It appears to be invocable by the user or agent normally and does not request elevated persistent privileges in the manifest.
What to consider before installing
This skill looks like a thin wrapper around the BibiGPT CLI, but the published metadata omits important details. Before installing or using it:
1) Ask the publisher for the source code or an official homepage and confirm the official download URL.
2) Verify whether the desktop app stores tokens in plaintext or in a secure store. If it is plaintext, be cautious, because the CLI will read that saved session.
3) Prefer a dedicated, limited-scope API token (BIBI_API_TOKEN) set in an environment isolated from other secrets, and avoid pasting tokens into shells you don't control.
4) Review the upstream CLI's update/self-update behavior: auto-updates can fetch and run arbitrary code.
5) If you need stronger assurance, ask the skill author to update the registry metadata to declare the required binary and env var (bibi, BIBI_API_TOKEN) and to provide a homepage or source repository. Without that, treat the skill as unverified and proceed cautiously.
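The isolation recommended in points 2 and 3 can be enforced with a small wrapper. The script below is an added example, not code from this page, the skill, or BibiGPT: it runs a command with a scratch HOME (so a saved desktop session under the real home directory is not picked up, assuming the CLI looks for it there) and an environment that contains only PATH, HOME and BIBI_API_TOKEN, read from a file that must not be group- or world-readable. The `bibi summarize <url>` invocation in the usage comment is an assumption about the CLI's syntax.

```shell
#!/bin/sh
# Added example, not part of the ClawHub page or the BibiGPT skill.
# Assumptions: the CLI honours BIBI_API_TOKEN (documented in SKILL.md) and
# looks for a saved desktop session under $HOME; the command syntax in the
# usage comment is illustrative.

# Return 0 only if the token file exists and has no group/world read bit.
token_file_is_private() {
    f="$1"
    [ -f "$f" ] || return 1
    if find "$f" \( -perm -040 -o -perm -004 \) -print 2>/dev/null | grep -q .; then
        return 1
    fi
    return 0
}

# Run "$@" with a minimal environment: a scratch HOME, a fixed PATH and the
# token only. Other secrets in the caller's environment (cloud keys, CI
# tokens, SSH agent sockets) are not passed through. Exit status of the
# wrapped command is preserved.
run_isolated() {
    token_file="$1"
    shift
    if ! token_file_is_private "$token_file"; then
        echo "refusing: $token_file is missing or group/world-readable" >&2
        return 2
    fi
    scratch="$(mktemp -d)"
    env -i PATH="/usr/local/bin:/usr/bin:/bin" HOME="$scratch" \
        BIBI_API_TOKEN="$(cat "$token_file")" "$@"
    rc=$?
    rm -rf "$scratch"
    return $rc
}

# Usage (assumed CLI syntax):
#   chmod 600 ~/.config/bibi/token
#   run_isolated ~/.config/bibi/token bibi summarize "https://example.com/video"
```

Because HOME points at an empty directory that is deleted afterwards, nothing the CLI writes there (session caches, self-update state) survives the run, and a session the desktop app saved under the real home directory is not read unless the CLI locates it by some other path.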

