Bilibili Messager | B站私信助手
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can operate inside the user's logged-in Bilibili private-message page when the skill is used.
The skill relies on a logged-in Bilibili browser session, which gives the agent delegated access to the user's account messaging interface.
requires: browser_profiles: ["openclaw"] ... credentialExpectations: "Bilibili 已登录的浏览器会话(openclaw profile)"
Use a dedicated OpenClaw browser profile, verify the logged-in account, and log out or remove the profile if you no longer want the agent to have that access.
If the user confirms the wrong recipient or message, the agent could send an unintended private message from the user's account.
The skill uses browser DOM automation to write and click-send Bilibili messages. This is purpose-aligned and includes confirmation, but it is still account-mutating tool use.
发送前必须两步验证确认目标账号和消息内容 ... editor.innerText = '消息内容' ... btn.click(); return 'sent';
Before confirming, carefully check the recipient account and the full message text. Do not allow sending unless the displayed target and content are correct.
Private Bilibili chats may become visible to the agent during the task, and message text should not be treated as trusted instructions.
Read mode intentionally extracts private-message contents into the agent context, which can expose sensitive conversation text and untrusted message content to the agent.
读取聊天记录会将私信内容暴露到 agent 上下文,仅读取你愿意分享的内容
Only read conversations you are comfortable sharing with the agent, avoid highly sensitive chats, and ignore any instructions that appear inside retrieved message text.
A user might overestimate the technical enforcement behind the domain-scope claim.
The skill states a domain limitation. The shown instructions are scoped to Bilibili messaging, but because this is instruction-only browser automation, users should not treat the wording as proof of a hard technical sandbox.
技能仅在 Bilibili 私信页(message.bilibili.com)域内执行 DOM 操作,无法访问其他网站
Treat the domain limitation as an intended operating rule, and monitor browser actions if using the skill with a logged-in profile.