ClawHub

Bilibili Up Master

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does Bilibili analytics as advertised, but it weakens HTTPS security and stores generated data in a predictable temporary folder.

Install only if you are comfortable with the skill using browser or agent-reach for Bilibili pages and writing local analysis files under /tmp/bilibili-data. Prefer a dedicated browser profile, delete generated reports when done, and ask the publisher to remove the global HTTPS certificate-verification override and add safer storage and cleanup controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The README exposes very broad natural-language trigger phrases like monitoring hot videos or analyzing creators without any stated scope, confirmation step, or activation constraints. In an agent setting, such generic triggers can cause unintended invocation and collection/processing of external data when a user says something conversationally similar.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README states that the skill uses browser or agent-reach to obtain data and stores it under /tmp/bilibili-data/, but it provides no warning about what data may be collected, retained, or exposed. This creates risk of privacy leakage, unexpected persistence of scraped or user-linked data, and weak handling expectations for temporary storage that may be accessible to other local processes.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The example triggers are broad natural-language phrases that could easily appear in ordinary conversation, making accidental or unintended skill activation more likely. In an agent environment with browser/network capabilities, ambiguous activation boundaries can cause unsolicited scraping, report generation, or external requests without clear user intent.

Vague Triggers

Low
Confidence
76% confidence
Finding
These invocation examples are underspecified and may match common user requests that are not intended to activate a high-capability skill. Because the skill is designed to analyze external content and generate reports, ambiguous triggers increase the chance of unintended actions and data retrieval.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill creates a predictable data directory under /tmp and stores reports/cached content there without disclosure, retention controls, or permission hardening. In multi-user or shared-runtime environments, /tmp is commonly accessible to other local processes, which can expose potentially sensitive user queries, creator names, URLs, and generated reports.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase on line 12 ("B站运营") is broad enough to match many ordinary user requests about general Bilibili operations, not just requests intended for this specific skill. Over-broad routing can cause unintended activation of the skill, exposing users to incorrect tool use, irrelevant browsing/actions, or accidental data handling in contexts where the skill was not explicitly desired.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrase on line 13 ("分析UP主") is ambiguous because it does not clearly constrain platform, task type, or expected scope, so it may match unrelated requests to analyze creators in other contexts. This increases the chance of accidental invocation and misrouting, especially in a multi-skill environment where trigger precision is important for safe and predictable tool selection.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal