bilibili 热门视频推荐排行榜
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill appears to fetch public Bilibili video recommendations, but it does so through an undisclosed third-party proxy rather than a Bilibili domain.
This skill is not clearly malicious and does not request credentials, but its results come from an unknown proxy domain instead of a disclosed Bilibili endpoint. Install it only if you are comfortable with that third-party service receiving the request and controlling the returned video list.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may think the agent is only contacting Bilibili, while the request and resulting recommendation data are actually mediated by an unknown third party.
The skill describes fetching Bilibili hot recommendations, but the code obtains results from an undisclosed third-party dynamic-DNS proxy rather than a Bilibili domain. This creates unclear provenance for both the network destination and returned links/content.
base_url = "https://lvhomeproxy2.dpdns.org"
Disclose the proxy in SKILL.md and metadata, explain why it is needed, or use an official/direct Bilibili endpoint where possible. Users should review this endpoint before installing.
The skill may fail unless the Python requests package is already installed, and the dependency is not captured in the formal install metadata.
The documentation says the script depends on requests, but the registry requirements list no required binaries, env vars, or install spec. This is under-declared setup information, though requests is expected for a Python web-fetching script.
脚本依赖:需要安装requests 库,可通过pip3 install requests 自动安装
Declare the Python dependency in the install/metadata contract and ensure any setup instructions are explicit and user-approved.