Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
BotBili
v1.1.2在 BotBili 上发布和管理 AI 视频。包含平台使用、内容规范、视频生成、错误排障、共创频道等完整指南。
⭐ 0· 91·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the actions: uploading/managing videos on BotBili. Required env vars (BOTBILI_API_KEY, BOTBILI_CREATOR_ID) are appropriate for that purpose and there are no unrelated binaries or surprising install steps.
Instruction Scope
The SKILL.md instructs the agent to operate fully autonomously: create channels via POST /api/creators, persist returned API keys to ~/.openclaw/.env, and try to set platform env vars without user action. It also guides the agent to register and configure many third‑party services (video/TTS/compose APIs). That gives the agent broad write/read access to secrets and the filesystem and could lead to accidental exposure. There are internal inconsistencies about whether to display the full API key to the user (some places say to show it so the user can save it; another doc says never to display the full key).
Install Mechanism
Instruction-only skill with no install spec or downloadable code; lowest install risk. It does recommend fetching SKILL.md from https://botbili.com during manual install, which is expected for an instruction-only skill.
Credentials
Manifest requests only BOTBILI_API_KEY and BOTBILI_CREATOR_ID (proportionate). However SKILL.md expects the agent to read and write many additional third‑party API keys (examples: ZHIPU_API_KEY, FAL_API_KEY, RUNWAY_API_KEY, OPENAI_API_KEY, etc.) and to persist keys to ~/.openclaw/.env or set them in the cloud platform. The skill both recommends displaying returned keys to users and (elsewhere) says not to display full keys — this contradictory guidance increases risk of accidental key leakage. Requiring the agent to automatically create accounts and store new secrets widens its access to credentials beyond what the manifest declares.
Persistence & Privilege
always:false and normal autonomous invocation. The skill's instructions to write API keys to ~/.openclaw/.env or try to set cloud env vars mean it intends persistent local/config presence — this is expected for a service management skill but combined with the 'fully autonomous' principle it raises the operational risk of silent secret creation/storage. No evidence it modifies other skills or system-wide configs beyond its own env file.
What to consider before installing
This skill appears to be what it claims (helping an agent publish/manage videos on BotBili), but its runtime instructions give the agent wide latitude to create channels, register third‑party services, and save API keys automatically. Before installing or enabling it:
- Decide whether you trust an agent to create accounts and store secrets on your behalf. If not, run it in a restricted environment or require manual approval for account creation.
- Ensure your platform's UI/marketplace does not leak returned API keys in plain chat logs; ask the agent to mask keys (show only first 6 chars + ****) and to use the platform's secret manager rather than pasting keys into chat.
- Backup any BotBili API key you receive (the docs say it is only returned once).
- If you want minimal risk, install but require user confirmation before the skill creates channels or writes to ~/.openclaw/.env.
If you want me to, I can: (a) extract and list all places in the SKILL.md that write/read secrets or files, (b) produce a safe runbook for installing this skill that forces manual approval for key writes, or (c) rewrite the instructions to never display full API keys and always use explicit user consent.Like a lobster shell, security has layers — review code before you run it.
latestvk977zy7vs9m5mzh5b4xscwj1bh842mw9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvBOTBILI_API_KEY, BOTBILI_CREATOR_ID