Video To Text
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill matches its stated video-to-text purpose, but users should handle Bilibili cookies, external downloads, and manual dependency installs carefully.
This skill appears safe for its stated purpose if you trust the dependencies and only process media you choose. Be especially careful with Bilibili SESSDATA/bili_jct/buvid3 values: treat them like login credentials, do not share them, and avoid storing them in a script that might be copied or published.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can download and process media from remote sites, using network bandwidth, disk space, and compute resources.
The skill invokes yt-dlp on a user-provided URL and writes downloaded media before transcription. This is central to the stated purpose and uses argument-list subprocess execution rather than shell interpolation.
cmd = ["yt-dlp", "-f", "bestaudio/best", "--extract-audio", "--audio-format", "wav", "-o", os.path.join(output_path, "%(title)s.%(ext)s"), url]
Use it only with URLs or local files you intend to process, and review output locations before running.
If these cookie values are exposed, someone else may be able to use your Bilibili session.
Bilibili support uses session-cookie values. This is disclosed and purpose-aligned, but these cookies represent account access and are more sensitive than a narrow-purpose API token.
Copy these values:\n - SESSDATA\n - bili_jct\n - buvid3\n\nWARNING: These are your login credentials. Don't share with others!
Avoid hardcoding cookies in shared files, avoid pasting them where they may enter logs or chat history, and rotate/log out of the session if they are exposed.
Future package updates or untrusted installation sources could change behavior or introduce vulnerabilities.
The documented setup uses unpinned third-party packages and a system ffmpeg dependency. This is expected for a video transcription tool, but dependency versions and provenance are not locked by the skill artifacts.
pip3 install bilibili-api-python yt-dlp faster-whisper aiohttp requests\n\n# Ensure ffmpeg is installed
Install in a virtual environment, use trusted package sources, and consider pinning versions for repeatable installs.