Bilibili UP Creator Data Collection (B站UP主数据采集)

Security checks across malware telemetry and agentic risk

Overview

This Bilibili data skill is mostly a disclosed third-party API helper, but it includes raw session-cookie use for VIP media stream access and some unrelated platform fallback paths that need review before installation.

Install only if you trust MaxHub/aconfig.cn with your Bilibili queries, identifiers, API key, and any session cookies you provide. Avoid using the VIP cookie playback endpoint unless you fully understand the account and content-access risk, prefer a test account or scoped token where possible, and revoke or rotate cookies after use. The unrelated Douyin/Xiaohongshu fallback paths should be fixed before broad deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
This Bilibili skill includes fallback examples and downgrade mappings for unrelated Douyin/Xiaohongshu endpoints, which creates cross-skill confusion and can drive the agent to call the wrong third-party APIs. In practice, this increases the chance of unintended data transmission, incorrect endpoint selection, and misuse of credentials against services outside the declared scope.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
These endpoints document retrieval of direct video stream URLs, including VIP-quality playback, which goes beyond a generic metadata-query assistant and enables access to consumable media streams. In this context, especially with a VIP-cookie-based endpoint, the capability can facilitate unauthorized content access or redistribution and increases abuse potential.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The endpoint states that no parameters are required, but the description says it needs bv_id, cid, and a VIP user's cookie. This contradiction is dangerous because it obscures sensitive credential handling, increasing the chance that integrators mishandle or over-collect high-value session cookies and send them insecurely.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example trigger words are extremely broad everyday terms such as “视频” (video), “详情” (details), “用户” (user), “搜索” (search), “评论” (comments), and “推荐” (recommend), which can overlap with normal user conversation and cause the skill to activate unintentionally. In a data-query skill that can call external App/Web APIs, accidental invocation may lead to unintended network requests, irrelevant data retrieval, and confusing or privacy-impacting behavior.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The routing logic relies on broad everyday trigger words like 'find', 'show me', and generic topic terms, which can cause accidental invocation or misclassification of user intent. That can lead the agent to query external APIs when the user did not clearly request it, exposing prompts, search terms, or other user-provided data to the third-party service.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The document instructs use of a bearer token for requests to an external service but does not warn that user search terms and credentials will be transmitted off-platform. In an agent setting, this can lead to inadvertent disclosure of sensitive queries or misuse of API credentials because operators may not realize the privacy and trust boundary.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs users to send Bilibili user identifiers and share links to a third-party service (aconfig.cn) using an API key, but provides no warning about external data transmission, retention, or privacy implications. In a skill that processes user/account metadata, this omission can lead operators to unknowingly disclose personal or account-linked data to an external processor.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs use of a bearer API key but provides no warning that it is a secret requiring careful handling. In an agent/integration setting, that omission raises the risk of keys being hardcoded, logged, embedded in prompts, or exposed to downstream tools and users.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation requests a VIP user's cookie for a media-playback endpoint without any warning about sensitivity or safe handling. Session cookies are highly privileged credentials; collecting or forwarding them through an agent can enable account takeover, unauthorized access to paid content, and credential leakage through logs or traces.

VirusTotal

64/64 vendors flagged this skill as clean.
