ClawHub

Bili Summary

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: download or transcribe Bilibili videos and optionally summarize them with Gemini, with privacy cautions for remote summarization.

Install only if you are comfortable with video transcripts or subtitles being sent to Gemini when summarization is used. Prefer using it on public videos or non-sensitive content, keep GEMINI_API_KEY scoped and stored locally, and watch for future versions that add stricter subtitle URL validation and clearer opt-in prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'req' from os.environ.get (line 251, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
req = urllib.request.Request(subtitle_url, headers={
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
        })
        with urllib.request.urlopen(req, timeout=10) as response:
            data = json.loads(response.read().decode('utf-8'))
            body = data.get("body", [])
Confidence
86% confidence
Finding
with urllib.request.urlopen(req, timeout=10) as response:

Tainted flow: 'req' from os.environ.get (line 251, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
headers={"Content-Type": "application/json"}
        )
        
        with urllib.request.urlopen(req, timeout=60) as response:
            result = json.loads(response.read().decode('utf-8'))
            return result.get("candidates", [{}])[0].get("content", {}).get("parts", [{}])[0].get("text", "总结失败")
    except Exception as e:
Confidence
97% confidence
Finding
with urllib.request.urlopen(req, timeout=60) as response:

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The summary feature sends subtitle/transcript content to an external LLM API, but the code does not present a just-in-time warning or explicit confirmation before transmission. In an agent skill context, this increases privacy risk because users may not realize downloaded or transcribed content is being shared with a third party.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal