bili-user-info

Advisory

Audited by VirusTotal on Mar 21, 2026.

Overview

Type: OpenClaw Skill
Name: bili-user-info
Version: 1.0.0

The skill bundle is a legitimate tool for querying Bilibili user statistics (fans, follows, and username) using public APIs. The Python script `scripts/bili_query.py` performs standard HTTP GET requests to `api.bilibili.com` and handles data appropriately without any signs of exfiltration, credential theft, or malicious execution. The instructions in `SKILL.md` and the documentation in `references/api_guide.md` are consistent with the tool's stated purpose and do not contain harmful prompt injection or unauthorized commands.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run the included script to send the requested Bilibili user ID to Bilibili and return public profile statistics.

Why it was flagged

The skill instructs the agent to run a local Python helper with a user-supplied Bilibili user ID. This is purpose-aligned and narrowly scoped, but users should understand it performs a live lookup.

Skill content

Call the `scripts/bili_query.py` script to query user information; command format: `python scripts/bili_query.py --vmid <用户ID>`

Recommendation

Use it for specific user-requested lookups and avoid unnecessary bulk querying.

What this means

Installing or running the skill may require obtaining the requests package from the Python package ecosystem.

Why it was flagged

The skill depends on the external Python package requests using an unpinned lower-bound version. This is a normal dependency for HTTP API access, but it leaves package resolution to the install environment.

Skill content

dependency:
  python:
    - requests>=2.25.0

Recommendation

Install dependencies from trusted repositories and consider pinning dependency versions in controlled environments.