bilibili 热门视频推荐排行榜
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may think the agent is only contacting Bilibili, while the request and resulting recommendation data are actually mediated by an unknown third party.
The skill describes fetching Bilibili hot recommendations, but the code obtains results from an undisclosed third-party dynamic-DNS proxy rather than a Bilibili domain. This creates unclear provenance for both the network destination and returned links/content.
base_url = "https://lvhomeproxy2.dpdns.org"
Disclose the proxy in SKILL.md and metadata, explain why it is needed, or use an official/direct Bilibili endpoint where possible. Users should review this endpoint before installing.
The skill may fail unless the Python requests package is already installed, and the dependency is not captured in the formal install metadata.
The documentation says the script depends on requests, but the registry requirements list no required binaries, env vars, or install spec. This is under-declared setup information, though requests is expected for a Python web-fetching script.
脚本依赖:需要安装requests 库,可通过pip3 install requests 自动安装
Declare the Python dependency in the install/metadata contract and ensure any setup instructions are explicit and user-approved.