Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
📺 Bilibili Skill
v1.0.0B 站 (Bilibili) CLI 工具 - 发布动态、管理视频、搜索内容、获取弹幕
⭐ 0· 437·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's functionality (posting, deleting, searching on Bilibili) coherently requires Bilibili authentication and a CLI client; however the registry metadata lists no required environment variables or credentials while the SKILL.md and wrapper script clearly depend on SESSDATA / bili_jct / buvid3 (via env vars or a cookies file). This discrepancy between stated requirements and actual needs is incoherent and could mislead users about what secrets will be used.
Instruction Scope
Runtime instructions and examples tell the agent/user to store and read cookies from a workspace file (/root/.openclaw/workspace/bilibili-cookies.md) or environment variables, to add an MCP server entry to ~/.openclaw/openclaw.json (modifying agent configuration), and include an example using subprocess.run(..., shell=True) for batch publishing. These steps cause the agent (or a user) to read and persist sensitive credentials and to wire an external MCP server into the agent — actions beyond simple CLI invocation and worth vetting.
Install Mechanism
The skill is instruction-only (no automated install), which is low-risk, but the README/SKILL.md recommend pip installing multiple packages (including bilibili-api-python and others) and use of --break-system-packages. The recommended installs are from PyPI (expected) but the --break-system-packages flag is unusual and risky. No downloads from arbitrary URLs are programmed by the skill itself.
Credentials
Although registry metadata lists no required env vars, the wrapper script and documentation require BILIBILI_SESSDATA, BILIBILI_BILI_JCT, and BILIBILI_BUVID3 (or a cookies file). Asking for three account cookies/keys is proportionate to the stated capability, but the fact they are not declared in the skill manifest and the recommended storage is an unencrypted workspace file increases risk of accidental credential exposure.
Persistence & Privilege
The SKILL.md instructs adding a new MCP server entry to ~/.openclaw/openclaw.json pointing at an external script inside the workspace. That change would cause the agent to load/run external code via stdio transport. While the skill is not marked always:true, advising or automating modification of agent configuration to add an external MCP server expands the attack surface and should be treated with care.
What to consider before installing
This skill appears to be a legitimate Bilibili CLI wrapper, but it has important mismatches and risky recommendations you should review before installing. Key points: (1) It requires sensitive Bilibili cookies (SESSDATA, bili_jct, buvid3) even though the registry metadata doesn't declare them — do not store these in plaintext under the shared workspace unless you accept the risk. (2) The README instructs adding an MCP server entry to your ~/.openclaw/openclaw.json that points to an external script in the workspace — that lets the agent run that code and increases risk; only add this if you trust the source and have inspected the referenced code. (3) Avoid running ambiguous installer commands (the docs mention pip with --break-system-packages and example use of curl | sh in a posted message); install dependencies from trusted sources and avoid --break-system-packages. (4) Review the bilibili-cli implementation you will invoke (the skill expects /root/.openclaw/workspace/external/bilibili-api/bilibili-cli.py) — ensure it's the authentic project and inspect it for unexpected network endpoints or telemetry. (5) If you proceed, keep cookies in a secure secrets store or environment scoped to the process, not an unencrypted workspace file, and consider manual, minimal configuration rather than auto-adding MCP servers. If you want higher confidence, ask the maintainer for a provenance link to the exact bilibili-cli they expect and for the skill manifest to be updated to declare the required env vars.Like a lobster shell, security has layers — review code before you run it.
apivk975h8507zdmkvcvvkm1v2we3182vypvbilibilivk975h8507zdmkvcvvkm1v2we3182vypvlatestvk975h8507zdmkvcvvkm1v2we3182vypvsocialvk975h8507zdmkvcvvkm1v2we3182vypv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📺 Clawdis
Binspython3, bilibili-cli