Skill v1.0.0

ClawScan security

Bilibili Video Captions API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 23, 2026, 4:15 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (calling JustOneAPI to fetch Bilibili captions), requests only a single API token and node, and contains no obvious exfiltration or unrelated privileges.
Guidance
This skill appears to do what it claims, but check these before installing: 1) The helper script prints only raw JSON (it does not include the short summary the SKILL.md requests), so expect the agent to perform any summarization itself. 2) The API token is passed as a query parameter — tokens in URLs can be logged by proxies; consider using a token with limited scope and rotation. 3) The skill requires Node (ensure your Node is up-to-date and supports fetch) and executes a provided script — review the script (bin/run.mjs) if you need to audit behavior. 4) Only provide JUST_ONE_API_TOKEN if you trust JustOneAPI and understand its permissions and rate limits. If any of these points are a concern, ask the publisher for clarification or a version that sends the token in an Authorization header and/or returns the summary as documented.

Review Dimensions

Purpose & Capability
ok
Name and description match the required pieces: it calls JustOneAPI's Bilibili captions endpoint. Declared requirements (node, JUST_ONE_API_TOKEN) are appropriate and proportional to the described task.
Instruction Scope
note
SKILL.md instructs the agent to echo the operation ID and produce a short summary before returning raw JSON, but the included bin/run.mjs only prints the raw JSON response (no summary/echo). The SKILL.md input table omits the token parameter (it documents 'required non-token inputs' as aid, bvid, cid) while the runtime requires a token passed via --token. These are inconsistencies in expected output and documentation, not indicators of malicious behavior.
Install Mechanism
ok
No install spec; the skill is instruction-only with a small Node script included. No downloads from external or untrusted URLs, no archive extraction, and the script is a straightforward HTTP client.
Credentials
ok
Only JUST_ONE_API_TOKEN is required (declared as primary credential). That is expected for an API client. Note: the token is sent as a query parameter per the operation definition, which can be logged by intermediaries — a privacy/operational concern but not an incoherence.
Persistence & Privilege
ok
always:false and normal autonomous invocation settings. The skill does not request persistent platform-wide privileges or modify other skills/config; no elevated persistence observed.