ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

bilibili 热门视频推荐排行榜

v1.0.2

实时获取B站首页热门推荐视频榜单,输出视频标题、作者、链接及分类,无需登录,内容实时更新。

0· 69·0 current·0 all-time
byLey@lvleiai123
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose is to fetch Bilibili's homepage hot recommendations without login. The included script does attempt to return titles, authors, links, and categories — so capability matches purpose — but it retrieves data from an unrelated third‑party base_url (https://lvhomeproxy2.dpdns.org/api/bilibili/web/fetch_com_popular) rather than from official Bilibili endpoints (api.bilibili.com or scraping bilibili.com). Requiring an external proxy for a task that could be implemented by calling official APIs or scraping is disproportionate and unexpected.
Instruction Scope
SKILL.md instructs use of the provided script and mentions installing requests; it does not request reading local files or secrets. However, the runtime script performs an outbound GET to a private domain (lvhomeproxy2.dpdns.org). That external network call is not documented in SKILL.md as a third‑party proxy and expands the skill's effective scope (user IP, request headers, and usage data will be visible to that host).
Install Mechanism
There is no install spec (instruction-only), but SKILL.md and the script require the requests Python library. This is low risk in itself, but the absence of an install step means consumers may not realize a network call is made to a non-official service.
Credentials
The skill requests no environment variables, credentials, or config paths — nothing appears to overreach in terms of claimed secret access.
Persistence & Privilege
The skill does not request always:true and uses normal invocation settings. It does not attempt to modify other skills or system settings.
What to consider before installing
This skill largely does what it claims, but it fetches data from an unknown third‑party proxy (lvhomeproxy2.dpdns.org) rather than official Bilibili endpoints. That means the proxy operator can see your requests and could tamper with responses — a privacy/trust risk. Before installing or using: - Consider rejecting or sandboxing network calls to untrusted hosts. Run the script locally and monitor outbound connections. - Ask the author why a private proxy is used and for the proxy's provenance or switch the code to use official Bilibili APIs/scraping. - Note minor inconsistencies (script filename/version mismatch in SKILL.md). These are likely sloppy but worth confirming. - If you must use it, prefer running the Python script on a machine/network you control and inspect responses; avoid giving any credentials (none are required). If you cannot verify the proxy, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk979bza9dh769k0j1h7k0q6xnn843gfy
69downloads
0stars
1versions
Updated 2w ago
v1.0.2
MIT-0
Ley@lvleiai123
latest
Download

获取B站热门视频排行榜

核心功能

1. 无需key值即可直接获取bilibili热门推荐视频的信息
2. 实时抓取 Bilibili 首页“热门”分区的视频榜单(默认前20)
3. 结构化输出 每条视频包含: 视频标题 、UP 主(作者)昵称、视频地址、视频分类
4. 自动更新,每次调用均返回最新榜单,确保内容时效性

使用方法

直接使用以下任一指令即可触发:

1. 获取B站热门视频
2. 获取bilibili热门视频排行榜
3. 帮我看看现在B站最火的视频有哪些

使用场景

1. 想快速知道今天 B 站大家都在看什么?
2. 寻找近期爆火的优质内容或潜力 UP 主?
3. 做内容分析、热点追踪或竞品调研?

脚本信息

- 脚本路径:`scripts/bilibili-hot-recommend.py`
- 脚本依赖:需要安装requests 库,可通过pip3 install requests 自动安装
- 输出格式:按热度从高到低排序的列表,每项包含【标题 + 作者 + 视频地址 + 视频分类】
💡 提示:该榜单反映的是全站综合热度(包括播放、点赞、投币、收藏、评论等维度),是了解中文互联网年轻群体兴趣风向的重要窗口

Comments

Loading comments...