ClawHub
Back to skill

Security audit

Video To Text

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it downloads or reads user-selected videos and transcribes them, but users should handle Bilibili cookies carefully.

Install only if you trust the Python packages and plan to transcribe videos you are allowed to access. Treat SESSDATA, bili_jct, and buvid3 as login credentials: avoid pasting them into chat or shell history, avoid hardcoding them in shared copies of the script, and rotate or log out of Bilibili if they are exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and documents capabilities that involve network access, shelling out to tools like ffmpeg/yt-dlp, and reading/writing local files, but it does not declare permissions or provide an explicit capability/consent boundary. This is dangerous because users and hosting platforms may underestimate what the skill can do, increasing the risk of unintended downloads, local file processing, and disk writes without informed approval.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The documentation says the skill downloads videos and can save output, but it does not clearly and prominently warn that it will contact third-party services and may persist media/transcripts on disk, including temporary files. This can lead to privacy and data-handling surprises, especially when processing local files or authenticated Bilibili content using user-supplied credentials.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Passing Bilibili credentials via command-line arguments can expose secrets to other local users through process listings, shell history, job logs, or telemetry. In a tool that handles authenticated media downloads, this creates a realistic credential leakage path even if the script itself does not exfiltrate them.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.