ClawHub

B站视频转文字&总结神器-Bilibili video transcribe&summary

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches Bilibili subtitles or audio, may send audio to SiliconFlow for transcription, and writes local output files.

Install only if you are comfortable with Bilibili media being downloaded locally and, when official subtitles are unavailable, audio being sent to SiliconFlow for transcription. Use a private output directory, delete audio/transcript files after sensitive jobs, and avoid running the script on non-Bilibili URLs unless the URL handling is tightened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to skip repeated environment/API-key checks and user-facing setup or permission reminders once a `.skill-ready.json` marker exists, then proceed directly with networked execution and file writes. This weakens runtime consent and transparency controls, because a stale or copied marker file can cause the agent to perform external requests and local writes without reaffirming that the current execution context is appropriate.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads local audio content to SiliconFlow for transcription, and this can include user-derived media or speech content that may be sensitive. While the behavior is part of the feature, there is no meaningful consent gate, warning, or data-handling notice in the code path before transmission, so users may unknowingly send content to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal