ClawHub

Bilibili API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent read-only Bilibili API wrapper, but users should treat its JustOneAPI token and retrieved profile/comment data carefully.

Install only if you need JustOneAPI-backed Bilibili lookups. Use a dedicated low-privilege token, avoid logging command lines or request URLs, rotate the token if exposed, and handle returned profiles, comments, danmaku, and captions as potentially personal user-generated content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The top-level description materially understates the skill’s capabilities by mentioning only three use cases while the manifest exposes additional operations such as comments, danmaku, captions, search, relation stats, and share-link resolution. This can mislead users or reviewers about the data flows and functionality being enabled, reducing informed consent and weakening security review.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The API token is defined as a query parameter and later added to the request URL, which exposes it in places URLs are commonly logged or retained, such as proxies, browser history equivalents, observability systems, and server access logs. Even over HTTPS, query-string credentials are more broadly exposed than header-based secrets and can be replayed if leaked.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill performs outbound requests to a third-party endpoint using user-supplied parameters and an API token without any confirmation, minimization, or disclosure. In this context, identifiers and the token are transmitted off-platform, increasing the risk of unintended data sharing and secret exposure, especially because the token is placed in the URL query string.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The API requires an access token in the query string, which is a risky credential transport pattern because query parameters are commonly logged by clients, proxies, gateways, analytics systems, browser history, and server access logs. In this skill, every operation depends on that token, so accidental exposure could grant broad access to the third-party API account.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill documents endpoints that require an access token and retrieve user profile data, but provides no warning about secure token handling, data minimization, or privacy implications. In agent environments, this omission can lead users or downstream tools to expose tokens in logs, prompts, URLs, or telemetry and to collect profile data without informed handling expectations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
These endpoints enable collection of user-generated content such as comments, danmaku, and captions, potentially including usernames, opinions, behavioral signals, and other personal or sensitive context, yet the documentation gives no warning about privacy, consent, retention, or moderation risks. In an analytics-focused skill, that increases the chance of bulk collection or repurposing of UGC without appropriate safeguards or user awareness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal